1. Bitbucket Website
  2. Public Issue Tracker
  3. master

Issues

Issue #3717 open

Limiting repo access by IP address (BB-3715)

Deputy
created an issue

Hi There

Could bitbucket allow block repo access by IP Address? For example, one of our repo should only be accessible from our office IP.

Competitor products (e.g. beanstalk) have this feature so hoping bitbucket supports it too.

Cheers Ashik

Comments (82)

  1. Deputy reporter
    • changed status to open

    Hi Dylan

    Thanks for taking the time to reply.

    I am a bitbucket evangelist and I can tell you whilst I talk to other people about your product, sensitivity and security of the source code people take VERY VERY seriously.

    The fact that people can log in from home to work -> itself is a great benefit in today's world. However, some of us are quite conscious of IP theft, code sensitivity etc for which we believe doing this slight extension to the security model is only beneficiary to the business customers of bitbucket.

    More so, your competitor beanstalk does provide this feature:

    http://beanstalkapp.com/features/security

    I will really appreciate you guys having a second thought into this. It's not only about current permission being enough for majority of your existing users. It's also all the customers you will have with added features and benefit.

    Many thanks in advance, Ashik

  2. Marcus Bertrand [Atlassian] staff

    We do not monitor or count +1s on issues. Please use the vote using the link near the top of this issue. This will help us decide if this will be done in the future. At the moment, it isn't on the roadmap. If you need detailed control and auditing in your organization, try Stash, our behind the firewall version of Bitbucket which you can control 100%.

  3. joecity

    +1

    Security of the source code is top priority for a lot of companies. In fact my company will probably stop using bit bucket due to the lack of an IP restriction feature.

  4. andre007

    +100500

    We would also upgrade from free to paid if this feature is implemented. Our still company is still very small, however we hired a couple of new programmers and its very important for us the code is not stolen. Ideally, if it would be possible to use different IP-based security settings for different team members e.g. we can allow our old staff to work from home, but not for the new ones.

    Please escalate this feature request at the higher level and we hope you'll implement it shortly. Otherwise, we'll have to search for another solution.

  5. rosh cherian

    Yes, its a very good feature.

    Could you please illuminate us with your reasons for not including this in your roadmap? Your colleague Charles McLaughlin commented earlier on this thread that its a good idea. Aren't good ideas supposed to be rolled out?

  6. Taha Zabuawala

    +1 for this feature, But make something Mutual SSL kind of feature as well, Because if a company is working on cloud IPs, The IPs are shared among multiple companies.

  7. Andre Guergolet

    +1 for this feature, for my personal projects I still using Jira, but for our office projects I will need this feature. Our security policy disallow home-office for our developers.

  8. andre007

    Bitbucket team, are you there? It's been awhile since you replied back to this issue. There're lots of +1 here and I believe there're lots of customers who want this functionality but don't post tickets. Please escalate this issue at a higher level since it's really important for teams, especially for distributed ones. Thanks in advance.

  9. Taha Zabuawala

    Team,

    I like BitBucket but because of our business needs and security we moved to Beanstalk already.

    This is the essential requirement for companies using bitbucket for their products and service codebase version control.

  10. Bachir El Khoury

    +100 how much $ do you need to have this feature? it just became a serious concern to us and we'll have to find a solution.

    We're loving bitbucket and would hate to move.

  11. chintan jadwani

    Thanks for the reply. My decision to use bitbucket because it is atlassian product and it is integrated with JIRA very easily. The issue tickets are raised on JIRA so we are using the link from Eclipse IDE > GIT and BitBucket > JIRA (where developer's commits are shown) So, can you help me to understand if beanstalk is also easy as bitbucket is? Thanks

  12. mgrofsky

    We use beanstalk with JIRA as well and Eclipse.

    Basically you can

    Post commit information Link to associated ticket Change ticket state Reassign a ticket Add labels to a ticket

    They offer a free account so can try it and see if its a viable alternative for you... It worked for us.

  13. Team Ceesark

    Today we have started using bitbucket for a small team in our org. By seeing non-existense of IP based restriction, bit nervous to provide the access to team member. Our expectation is to protect our product code in the safe manner. Make this option as soon as possible.

  14. Abhijit Deshpande

    Just started to evaluate and absence of this feature is a show stopper. Surprising that bitbucket team was prompt in saying wont fix as "most" users dont need it and when "most" users start asking for it they wont even bother to comment. Ofcourse this is a needed feature how do you expect companies to protect their IP without this. Expecially for startups and teams where thhere re lots of new guys/interns this is a must

  15. Abhay Deshpande

    I guess this has something to do with their product positioning. We still use paid BitBucket for our other projects but for projects where this feature is a must, we have moved to other vendor.

  16. vasops

    What's to prevent someone from pwning creds and sucking down source? Answer: nothing.

    +1 for this feature. In fact, we can't use bitbucket for our next project without this feature, and it's likely that our current projects will be moved off of bitbucket because this is currently impossible.

  17. Abhay Deshpande

    cjtorres - or have a look at xp-dev.com. We are using them since last 1 year or so, it has no frills, is cheap yet reliable. It also has Amazon S3 integration if you need double protection. We still hold BitBucket account but use xp-dev account for data-sensitive projects. Cheers, Abhay

  18. Log in to comment