Data Security and Privacy Statement - Dynamic plans

The document applies to the Dynamic plans plugin.

Dynamic plans plugin is allowing to use scripts in certain functionalities, users should be advised that there are risks of exposing data (bamboo configuration / credentials if this is not done properly) via build logs.

A few guidelines with regards to these aspects:

- do not run the plugin in full debug mode (by changing bamboo log levels) unless you are troubleshooting

- if you are running in debug mode, source control information of the particular job using the plugin may be exposed in the build log. Create temporary test users that you can safelly remove or with limited access.

The script you are including in the scripted variables has access to the bamboo agent side components which may allow further logging of confidential data (eg. credentials of source control - service accounts).

The plugin will attempt to mask passwords in its own logging output, this is not guaranteed to work for all cases.

The plugin doesn't communicate any data to the vendor related to the builds, use or the processes executed. It will communicate with Atlassian regarding the license information only via the UPM which is part of standard Bamboo server installations.

No comments:

Post a Comment