Details
Bug
Resolution: Duplicate
Medium
Description
What I noticed
If you make a change to the bitbucket-pipelines.yml file on a branch, then the Pipelines run for that branch is run with that branch's version of the bitbucket-pipelines.yml file.
I understand this is fine for most cases, but in our case:
- Bitbucket Pipelines deploys changes to staging and production (trigger on master branch)
Therefore, if someone were to edit the bitbucket-pipelines.yml file on a branch without branch permissions enabled, then they could add the prod deploy steps to their branch trigger and deploy their branch to production.
That situation therefore isn't SOX compliant :disappointed:
Question
Is there currently a way to maintain SOX compliance on changes going to prod via Bitbucket Pipelines? Perhaps I missed an option somewhere.
If not, is there any future work planned to add this level of SOX compliance?
Apologies if I missed something and I'm completely wrong :sweat_smile:
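One way to audit for the situation described in this report, as an added example that is not part of the original report or Atlassian's own tooling: the Ruby script below parses a `bitbucket-pipelines.yml` and lists every production deployment step reachable from a trigger other than the allowed branch. It assumes the production environment is marked with `deployment: production` and that `master` is the only branch meant to deploy; the sample config and the names `steps_in` and `unexpected_prod_deploys` are constructed for illustration.

```ruby
require "yaml"

# Constructed sample: a branch's copy of bitbucket-pipelines.yml in which a
# feature-branch trigger has gained a production deployment step.
SAMPLE_BRANCH_CONFIG = <<~CONFIG
  pipelines:
    branches:
      master:
        - step:
            name: Deploy to production
            deployment: production
            script:
              - ./deploy.sh production
      feature/*:
        - parallel:
            - step:
                name: Deploy branch
                deployment: production
                script:
                  - ./deploy.sh production
CONFIG

# Collect every step mapping under a node, including steps nested inside
# parallel or stage groups.
def steps_in(node)
  case node
  when Array then node.flat_map { |item| steps_in(item) }
  when Hash  then node.flat_map { |k, v| k == "step" && v.is_a?(Hash) ? [v] : steps_in(v) }
  else []
  end
end

# Return [section, trigger, step name] for each production deployment step
# under any trigger other than branches -> allowed_branch (assumed: master).
def unexpected_prod_deploys(yaml_text, allowed_branch: "master")
  findings = []
  YAML.safe_load(yaml_text).fetch("pipelines", {}).each do |section, body|
    # "default" holds a step list directly; other sections map trigger => steps.
    triggers = body.is_a?(Hash) ? body : { section => body }
    triggers.each do |trigger, steps|
      next if section == "branches" && trigger == allowed_branch
      prod = steps_in(steps).select { |s| s["deployment"] == "production" }
      findings.concat(prod.map { |s| [section, trigger, s["name"]] })
    end
  end
  findings
end
```

Because the pipeline itself runs with the branch's version of the file, a check like this only means something when it runs outside that pipeline, for example in review tooling the branch author cannot edit.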