Some projects on our Bamboo server have restricted source code. With script tasks it is possible for a build plan to view or copy source code from another build plan's working directory.
How do you secure Bamboo against this? We're running on Windows.
I don't believe there would be a way to prevent it unless you had a "secure" Bamboo setup that was completely separate from your unsecure Bamboo setup....
If you make sure and select the "Clean working directory after each build" (in the miscellaneous section) for each job, then that will at least ensure that all the files in the working area are deleted after the job is complete... If you are only running 1 agent per box, then that might be all you want to use.
However, if you are like us, we have a few high-end boxes that run multiple Bamboo agents. If you run multiple agents on a single box then there would be nothing to prevent access to the restricted data that was currently building at the same time another job was currently using a 2nd agent on the box even with that cleaning option.
The only way I can see protecting restricted code on a box running multiple agents would be to set up some Windows user permissions on that folder... but then each agent would have to be run as a different user with permissions ONLY to view their agent home folder.
I've thought about disabling the script plugin, but that's only one of many tasks that could be abused.
Your point on cleaning source directories will probably work for me. We are able to restrict our systems to a single agent per box.
I would also ensure that if your project creates any temporary files OUTSIDE of the Bamboo working folder that you manually clean up those. This option will only clean the working directory of Bamboo... not anything that was generated by your scripts outside of that folder.
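The per-agent folder permissions suggested in the answer above could be applied as in the following sketch, which is an added example and not part of the original thread or any Atlassian tooling. The agent home paths and account names are hypothetical placeholders, and it assumes each agent's Windows service is already configured to log on as its own account.

```powershell
#Requires -RunAsAdministrator
# Constructed mapping: agent home directory -> dedicated Windows account.
# Paths and account names are hypothetical placeholders, not Bamboo defaults.
$agents = @{
    'D:\bamboo-agents\agent1' = 'BUILD01\svc-bamboo-agent1'
    'D:\bamboo-agents\agent2' = 'BUILD01\svc-bamboo-agent2'
}
$sidType   = [System.Security.Principal.SecurityIdentifier]
$system    = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # LocalSystem
$admins    = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

foreach ($agentHome in $agents.Keys) {
    if (-not (Test-Path -LiteralPath $agentHome -PathType Container)) {
        Write-Warning "Skipping ${agentHome}: directory not found"
        continue
    }
    $agentSid = ([System.Security.Principal.NTAccount]$agents[$agentHome]).Translate($sidType)

    $acl = Get-Acl -LiteralPath $agentHome
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every explicit entry already present (e.g. Users, other agents).
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Grant full control only to this agent's account, SYSTEM and Administrators.
    foreach ($sid in $agentSid, $system, $admins) {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $sid, 'FullControl', $inherit, $propagate, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $agentHome -AclObject $acl

    # Read the ACL back and flag any identity outside the allowed set.
    $allowed = @($agentSid.Value, $system.Value, $admins.Value)
    $unexpected = (Get-Acl -LiteralPath $agentHome).Access | Where-Object {
        $_.IdentityReference.Translate($sidType).Value -notin $allowed
    }
    if ($unexpected) {
        Write-Warning "${agentHome}: unexpected entries remain"
        $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited
    } else {
        Write-Output "${agentHome}: restricted to $($agents[$agentHome])"
    }
}
```

Files and subfolders that already carry their own explicit entries keep them, so run this on an empty or freshly cleaned agent home, or audit the children separately.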