Building Bitbucket Cloud for enhanced security, compliance, and scale

With support for Bitbucket Server ending in February 2024, we’re seeing more and more of our enterprise customers moving their code to the cloud. To enable a smooth migration to cloud for our Bitbucket Server and Data Center customers and to enable our existing cloud customers to scale, we are continuing to build features around security, compliance, and scale in Bitbucket Cloud.

In our last update, we announced improvements to performance and reliability as a result of our move to AWS, full code encryption at rest, and native integration with Snyk, the market leader in developer security. Since then, we’ve launched features to enable more governance around code, are investing in deeper integrations with the Atlassian platform, and are expanding our CI/CD functionality in Bitbucket Pipelines.

Here’s what we’ve recently launched and some key projects that are in flight.

Security & Compliance

Bitbucket Cloud is hosted on the same Atlassian Cloud platform that supports over 250,000 customers around the globe. Our products are built on best-in-class technologies, your data is protected with encryption in transit and at rest, and we provide controls to enforce organization-wide protection, such as SAML SSO and enforced 2FA.

On the product side, we’ve recently launched several features and controls that you can manage to have more governance around your code.

Audit logs (Shipped): Bitbucket Cloud event logs are now in Atlassian Access so you can view them in one UI along with Jira and Confluence logs. Admins can track down changes in settings or permissions that affect compliance, and security teams can use logs to investigate incidents. Learn more

Governance around user invitations (Shipped): With a new user group structure in place, workspace admins now have visibility into all new users added across the workspace and can vet their permissions. We’ve also added new controls so admins can disable users from sending invitations altogether or allow users to send invitations only to users with specific email domains. Learn more

Granular access tokens (Shipped): REST API tokens are typically tied to a user. However, when teams and user permissions change, user-based tokens can cause workflows to break. We’ve introduced a new set of API controls that are tied to resources – you can now create tokens at the repo, project or workspace level. Learn more

Enhanced Snyk integration (Shipped): Last year, we launched the native Snyk integration inside Bitbucket Cloud to make it easier for developers to find and fix security vulnerabilities before they ship. The updated version now has a streamlined onboarding process, making it easier and faster to set up. We’ve also added enterprise controls with IP allowlists so only authorized users can access security reports. Learn more

Signed commits (On the roadmap): This will allow a user to upload a GPG key to Bitbucket and then use that key to verify that they are indeed the author of the commits that they push. This ensures that you can have full control and knowledge over who is committing code to your repositories, keeping all code changes secure and compliant.

Data residency (On the roadmap): For those of you in countries with geo-based regulations around data storage, we realize the importance of giving you the option to choose where we store your data. We are building the foundational pieces of work required to enable this capability, and it is on our longer-term roadmap.

Admin scalability

We are working to make our user provisioning and permissions functionality more scalable for larger teams. These investments will significantly reduce the time needed for admins to manage users and permissions.

Project-level permissions (Shipped): Our current process manages permissions at the repo or user level. To allow admins to manage permissions at scale, we’re revamping our systems to allow permissions management at the project level. Project admins will be able to grant or revoke permissions to all repos within a project in one action instead of having to grant permissions to each repo one by one. We are in the testing phase and targeting launch soon. Learn more

Shared user management (In the works): Today, Bitbucket user provisioning is managed within the Bitbucket UI. We know that this has been painful for enterprise admins who manage a large number of users and use multiple Atlassian tools. We’re working on integrating Bitbucket into Atlassian Admin so you can manage users across Jira, Confluence, and Bitbucket Cloud in the same UI. And if you use Atlassian Access, you can integrate with identity providers like Okta, Azure AD, and others.

Reliability & performance

99.9% uptime SLAs (Shipped): Bitbucket Cloud joined Jira Software, Jira Service Management, and Confluence in offering Premium plan customers financially backed uptime SLAs. This means that if the availability of core Bitbucket Cloud features drops below 99.9% for a given month, you can get a credit on your account. Learn more

Faster repository storage (In the works): We’re continuing to work with the Bitbucket Data Center team to move to a new distributed storage model called Bitbucket Mesh. While the primary goal of Mesh is to improve performance, the distributed model lays the foundation for data residency.

Enterprise CI/CD

Use your own runners (Shipped): Last year, we launched support for self-hosted Linux runners so you can configure your pipelines to use your own runners behind the firewall. Since then, we’ve added support for Windows and macOS runners, so now you can manage your builds and tests across all major platforms via Bitbucket Pipelines. For even more flexibility, we launched support for non-containerized runners so you’re not bound by container limits on memory or hardware.

Smart caches (Shipped): With our smart caches feature, you can specify dependency versions in a config file and the cache automatically refreshes with the latest version. This means your builds will always use the latest version without spending time downloading new files during the build. Learn more

Configuration at scale (In the works): Maintaining CI/CD configuration across multiple repositories currently requires duplicating it in each repository. To help you manage configuration at scale and manage compliance across your team, we’re building functionality to enable sharing CI config across repositories. This means you can maintain a central config file with all the required tests, and each repo admin can import the config into their pipeline.

Custom merge checks (On the roadmap): While our current merge checks feature allows you to check off a list of code quality checks before merging code, with custom merge checks, you’ll be able to set custom criteria that must pass in order for a pull request to be merged. These checks can be used to enforce code compliance based on your specific organization’s policies.

For estimated timelines on some of the upcoming features, check out our public roadmap (updated each quarter).

Migration tooling and resources

With support for Bitbucket Server being phased out in Feb 2024, here are some migration resources to help you evaluate and migrate to Bitbucket Cloud.
