Currently, the Bitbucket plugin is using Digital.AI Release server file systems for cloning and committing files to Bitbucket. When the clone operation happens, we want the repo to be cloned to user machines rather than cloning the same into Digital.AI Release servers, which users don't have access to.

The clone repo, committing files and other tasks which use Digital.AI Release servers need to change, and they must use file systems/storage only from the user machines where users run these tasks.

Comments

  • For security reasons, it is best practice to avoid cloning code repositories directly to local systems during releases. Instead, we recommend utilizing the Release platform's secure cloning mechanism.
    Additionally, to ensure data integrity and compliance, we advocate for purging and archiving repositories on the Release platform. This can be accomplished by creating a script task within Release and scheduling it according to your specific requirements.
    We appreciate your understanding of the security concerns surrounding local cloning of code repositories.

    However, we understand that you may have specific requirements that necessitate a different approach. If this is a deal-breaker for your project, we would be happy to have a follow-up discovery session to discuss alternative solutions.

    Very similar request on this subject: https://ideas.digital.ai/devops/Idea/Detail/4116

  • Hi,

    Apologies for the delay in responding to this comment. If a user has access to the repo, I don't know what kind of security concern we have in letting them clone the repo onto their local machine, make changes to it and update the same back to the repo using the Bitbucket plugin for Digital.AI Release.

    The problem with cloning the code onto Release servers/nodes is that users may not have access to the cloned files/folders, because access to Release servers/nodes is restricted to the Release Admin Team only.

    We would like to discuss this further with the team to move forward with that.

    Thanks,
    Thiru