Is there a secure ssh step for bitbucket pipelines

I saw that the `ssh-run` bitbucket pipeline still relies on the `alpine:3.9` container image.

https://bitbucket.org/atlassian/ssh-run/src/798568418ced843e20e6465092a74b1a04a8dd66/Dockerfile#lines-1

As far as I could find, the security updates for that release were stopped on 01 Jan 2021.

I suspect that this old release includes many security issues which were fixed in newer versions of alpine linux.

This should definitely be fixed as this container has access to private keys used to deploy software to production systems.

2 answers

1 accepted

0 votes
Answer accepted
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 26, 2023

@Stephan Eicher hi. The alpine image was updated in the following pipes:

Regards, Igor

0 votes
Igor Stoyanov
Atlassian Team
Oct 06, 2023

@Stephan Eicher hi. Thanks for your investigation.
We will update the ssh-run pipe docker image and notify you.

Regards, Igor

Igor Stoyanov
Atlassian Team
Oct 18, 2023

@Stephan Eicher hi. According to this page:

python 3.10 EOL will be 2026-10, so no changes needed.

But we will update the alpine image in the pipes you listed in the comments.

We have more than 50 pipes to maintain, so, unfortunately, our strategy when there are no new features to be implemented is usually to wait for users' feature requests.
You could always ask us in the community to bump a pipe version or even create a pull-request by yourself since it is open-sourced.

Also keep in mind that pipes are not the same as pipelines.

Pipes provide a simple way to configure a pipeline. They are especially powerful when you want to work with third-party tools. More details here.

 

Regards, Igor
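
An added example, not code from this thread or from Atlassian: one way to check a pipe's Dockerfile for base images that are past end of support, using only the two dates quoted in the thread. The function names, the `EOL` table layout and the sample Dockerfile are assumptions made for illustration.

```python
import re
from datetime import date

# End-of-support dates as stated in this thread (not an authoritative feed):
# alpine 3.9 per the question, python 3.10 ("2026-10", day assumed) per the reply.
EOL = {("alpine", "3.9"): date(2021, 1, 1), ("python", "3.10"): date(2026, 10, 1)}
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)

# Constructed sample, not the ssh-run pipe's actual Dockerfile.
SAMPLE = """\
FROM --platform=linux/amd64 python:3.10-slim AS build
RUN echo "build step"
FROM alpine:3.9
COPY --from=build /tmp /tmp
"""


def base_images(dockerfile_text):
    """Return external base images, skipping references to earlier build stages."""
    stages, images = set(), []
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        if ref.lower() not in stages and ref.lower() != "scratch":
            images.append(ref)
        if alias:
            stages.add(alias.lower())
    return images


def release_of(ref):
    """Split 'repo:tag@digest' into (image name, 'major.minor'), or None."""
    name, _, tag = ref.split("@", 1)[0].rpartition(":")
    if not name or "/" in tag:  # untagged, or the colon was a registry port
        return None
    m = re.match(r"(\d+\.\d+)", tag)
    return (name.rsplit("/", 1)[-1], m.group(1)) if m else None


def audit(dockerfile_text, today):
    """Map each base image to 'eol', 'supported' or 'unknown' as of `today`."""
    result = {}
    for ref in base_images(dockerfile_text):
        eol = EOL.get(release_of(ref))
        result[ref] = "unknown" if eol is None else ("eol" if today >= eol else "supported")
    return result
```

Images that are untagged, digest-only or missing from the table come back as `unknown` rather than passing, so they still get a manual look.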
