セキュリティ

As a distributed application, Bamboo's security is important. This page contains links to security-related information in the Bamboo documentation.

Security advisories

For information on how to report a security vulnerability in Bamboo and our policy on security advisories and patches, please read Bamboo security advisories. A full list of security advisories that we have previously issued is also available on that page.

Bamboo 権限

For information on Bamboo's internal security model, i.e. user management and permissions, please see Users and permissions.

Remote agent security considerations

Please note the following security implications when enabling remote agents for Bamboo:

  • No encryption of data passed between server and agent — this includes data such as:
    • login credentials for version control repositories
    • build logs
    • build artifacts
  • No authentication of the agent or server — this could result in unauthorized actions being taken on your system, such as:
    • Unauthorized parties installing new remote agents — version control repository login credentials could be stolen.
    • Unauthorized parties masquerading as a Bamboo server — the unauthorized server could pass malicious code to the agent to run.
    • See Agent authentication for more information.

We strongly recommend that you do not enable remote agent installation on any Bamboo instance accessible from a public or untrusted network. Creating remote agents is Disabling and enabling remote agents support by default.

Bamboo configuration

The following pages contain information on how to configure Bamboo features that can permit/forbid access to the Bamboo application.

その他のセキュリティリソース

指定したラベルを持つコンテンツはありません。

最終更新日 2016 年 5 月 26 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.