BCLOUD-15982 (Bitbucket Cloud)

Apply compliance (SOX, etc.) controls on the bitbucket-pipelines.yml file


Description

What I noticed

If you make a change to the bitbucket-pipelines.yml file on a branch, then the Pipelines run for that branch is run with that branch's version of the bitbucket-pipelines.yml file.

I understand this is fine for most cases, but in our case:

• Bitbucket Pipelines deploys changes to staging and production (trigger on master branch)

Therefore, if someone were to edit the bitbucket-pipelines.yml file on a branch without branch permissions enabled, then they could add the prod deploy steps to their branch trigger and deploy their branch to production.

That situation therefore isn't SOX compliant :disappointed:

Question

Is there currently a way to maintain SOX compliance on changes going to prod via Bitbucket Pipelines? Perhaps I missed an option somewhere.

If not, is there any future work planned to add this level of SOX compliance?

Apologies if I missed something and I'm completely wrong :sweat_smile:
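One way to enforce the control this ticket asks for on the repository side, as an added example that is not part of the ticket and not Bitbucket's own code: a policy audit over a parsed bitbucket-pipelines.yml that flags any step deploying to a protected environment from a pipeline other than the branch pipeline allowed to deploy there. The POLICY table, the two sample configs and the helper names are constructed for this example; the `pipelines`, `default`, `branches`, `step`, `parallel`, `stage` and `deployment` keys follow the file's real layout.

```python
"""Policy audit for a parsed bitbucket-pipelines.yml.

Added example for the BCLOUD-15982 discussion; this is not Bitbucket code and
not the ticket author's. The configs below are constructed samples written as
already-parsed Python dicts; a real check would start from
yaml.safe_load(open("bitbucket-pipelines.yml")).
"""

# Policy (constructed): each protected deployment environment may only be
# targeted by steps under the listed (section, selector) pipelines.
POLICY = {
    "production": {("branches", "master")},
    "staging": {("branches", "master")},
}


def iter_steps(items, path=()):
    """Yield (path, step) for every step in a pipeline list, descending into
    `parallel` and `stage` groups (both the bare-list form and the `steps:` form)."""
    for i, item in enumerate(items or []):
        if not isinstance(item, dict):
            continue
        if isinstance(item.get("step"), dict):
            yield path + (i,), item["step"]
        for group in ("parallel", "stage"):
            if group in item:
                inner = item[group]
                steps = inner.get("steps") if isinstance(inner, dict) else inner
                yield from iter_steps(steps, path + (i, group))


def audit_pipelines(config, policy=POLICY):
    """Return one finding per step that deploys to a protected environment from
    a pipeline the policy does not allow. An empty list means compliant."""
    findings = []
    for section, value in (config.get("pipelines") or {}).items():
        # `default` is a bare step list; branches/pull-requests/tags/custom map
        # a selector (branch glob, tag glob, custom name) to a step list.
        selectors = {None: value} if isinstance(value, list) else (value or {})
        for selector, steps in selectors.items():
            origin = (section, selector)
            for path, step in iter_steps(steps):
                env = step.get("deployment")
                if env in policy and origin not in policy[env]:
                    findings.append({
                        "environment": env,
                        "pipeline": origin,
                        "step": step.get("name", "<unnamed>"),
                        "path": path,
                    })
    return findings


def is_compliant(config, policy=POLICY):
    return not audit_pipelines(config, policy)


# Constructed sample: the intended layout, deploying only from master.
BASE_CONFIG = {
    "pipelines": {
        "default": [
            {"step": {"name": "Test", "script": ["make test"]}},
        ],
        "branches": {
            "master": [
                {"step": {"name": "Test", "script": ["make test"]}},
                {"step": {"name": "Deploy to staging", "deployment": "staging",
                          "script": ["./deploy.sh staging"]}},
                {"step": {"name": "Deploy to production", "deployment": "production",
                          "trigger": "manual", "script": ["./deploy.sh prod"]}},
            ],
        },
    }
}

# Constructed sample: the same file edited on a feature branch so that the
# branch's own pipeline (the one that actually runs for that branch) carries
# the prod deploy, here tucked inside a parallel group.
BRANCH_EDITED_CONFIG = {
    "pipelines": {
        "default": BASE_CONFIG["pipelines"]["default"],
        "branches": {
            "master": BASE_CONFIG["pipelines"]["branches"]["master"],
            "feature/*": [
                {"parallel": [
                    {"step": {"name": "Lint", "script": ["make lint"]}},
                    {"step": {"name": "Deploy to production", "deployment": "production",
                              "script": ["./deploy.sh prod"]}},
                ]},
            ],
        },
    }
}


if __name__ == "__main__":
    for label, cfg in (("base", BASE_CONFIG), ("branch-edited", BRANCH_EDITED_CONFIG)):
        for f in audit_pipelines(cfg):
            print(f"{label}: step {f['step']!r} deploys to {f['environment']} "
                  f"from pipeline {f['pipeline']} (not allowed by policy)")
        print(f"{label}: {'compliant' if is_compliant(cfg) else 'NOT compliant'}")
```

The audit only has value when it runs from a vantage point the branch author cannot edit: a required check evaluated before merge, or a job driven by the master copy of the file, rather than a step inside the branch's own bitbucket-pipelines.yml, since the same branch edit that adds a deploy step can also delete a check that lives in that file.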

People

Assignee: Unassigned
Reporter: Elie (emoreau@atlassian.com)