Who really made a commit?

I've been playing about with the command line pushing commits into a repo. The repo is private and therefore I need to authenticate with either HTTPS or SSH - I get the same following behavior either way.

It appears, despite authenticating, that I can chose to commit using any identity I want simply by changing the user.email config setting. If I change it to a colleagues email address the commit appears to have been made by him.

Am I missing a repo setting that forces the commit to be under the authenticated user's identity? As it stands things appear to be pretty broken from an audit point of view.

1 answer

0 votes

Hi Richard,

That is how git works in principle. In Bitbucket Server you can enable the Verify Committer post-receive hook that verifies that the committer is the user pushing see Using repository hooks.

In addition, starting with Bitbucket Server 5.1 we offer GPG signed commits, giving you additional layer of authentication - see the Bitbucket Server 5.1 release notes for details.

Cheers,

Christian

Premier Support Engineer

Atlassian

Thanks for the response Christian

So is this a feature I can enable in my repos on Bitbucket in the cloud or would I need to go on-premise?

Hi Richard,

I'm not an expert on Bitbucket Cloud, but from what I understand that is a feature that's only available on Bitbucket Server.

Cheers,

Christian

Premier Support Engineer

Atlassian

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

642 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot