I am using a Bitbucket runner for some work, as a library that is necessary for the pipeline is hosted on the company's private server, and a runner is one of the methods I can use to gain access and use those libraries.
Some security concerns arose regarding how Bitbucket gains access to my computer through a corporate firewall, and through what encryption/authentication method it is able to do so.
Thanks, hopefully this question is clear.
Hi Illya,
So Pipelines will communicate through our Stargate API to establish a connection with your runner (so that it can communicate to your private IP address).
Once it has established a connection, it uses websocket rather than HTTP to maintain the connection between client/server.
For the connectivity described above, you would need to have inbound whitelisting configured for our IP addresses as follows to establish the initial connection:
104.192.136.0/21, 185.166.140.0/22, 18.205.93.0/25, 18.234.32.128/25, 13.52.5.0/25
Once established, Pipelines will communicate between your local Runner and the Bitbucket Cloud UI via this websocket where commands are sent to be executed by either the container running on a Kubernetes pod (Pipelines) or self-hosted infrastructure (Runners).
The build status updates are then returned back in the same manner based on the success of those command executions.
Hope this helps.
Cheers!
- Ben (Bitbucket Cloud Support)
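An added example (not part of Ben's reply and not Atlassian code): a Python audit of firewall connection records against the five CIDR ranges listed above, flagging allowed peers that fall outside the ranges and listed peers that were blocked. The log format, the runner address and the sample records are constructed assumptions.

```python
import ipaddress

# CIDR ranges quoted in the answer above.
BITBUCKET_RANGES = [ipaddress.ip_network(c) for c in (
    "104.192.136.0/21", "185.166.140.0/22", "18.205.93.0/25",
    "18.234.32.128/25", "13.52.5.0/25")]
RUNNER_HOST = "10.20.0.15"  # assumption: constructed address of the runner host

# Constructed sample records: "timestamp peer_ip local_ip action"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 104.192.137.10 10.20.0.15 ALLOW
2024-05-01T10:00:05Z 18.234.32.200 10.20.0.15 ALLOW
2024-05-01T10:00:09Z 18.234.32.20 10.20.0.15 ALLOW
2024-05-01T10:01:12Z 203.0.113.77 10.20.0.15 ALLOW
2024-05-01T10:02:30Z 185.166.143.254 10.20.0.15 DENY
2024-05-01T10:03:00Z 104.192.136.5 10.20.0.99 ALLOW
not-a-valid-line
"""

def in_bitbucket_ranges(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in BITBUCKET_RANGES)

def audit(log_text, runner=RUNNER_HOST):
    """Return (findings, skipped) for records whose local address is the runner."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            skipped += 1
            continue
        ts, peer, local, action = parts
        if local != runner:
            continue  # traffic for other hosts is out of scope
        try:
            listed = in_bitbucket_ranges(peer)
        except ValueError:
            skipped += 1
            continue
        if listed:  # a blocked listed peer means the allowlist rule is missing or too narrow
            verdict = "ok" if action == "ALLOW" else "listed-peer-blocked"
        else:       # an allowed unlisted peer means the inbound rule is broader than the list
            verdict = "unlisted-peer-" + action.lower()
        findings.append((ts, peer, verdict))
    return findings, skipped

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG)[0]:
        print(*row)
```

Note that 18.234.32.20 sits in the lower half of 18.234.32.0/24 and is therefore outside the listed 18.234.32.128/25, which is the kind of near-miss a hand-written firewall rule tends to get wrong.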