what is the purpose of --no-command-eval? #913
I’ll try to clarify! This option doesn’t provide any protection for people with repository access… like you said, they can just change the executable scripts.
This option is usually used alongside the other options and techniques (e.g. hooks that do whitelisting), when you’re trying to ensure that only things that have been sourced from your repositories are being executed (and not arbitrary commands defined only in Buildkite or by a malicious third party).
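A sketch of the kind of allowlisting hook mentioned above, added here as an example; it is not part of the original thread and not Buildkite's own code. It assumes it is installed as an agent-level hook (for example `environment`) on an agent running with `--no-command-eval`. The repository URLs and script paths are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: agent-level allowlisting hook (hypothetical values throughout).
# Constructed placeholder lists, one entry per line.
ALLOWED_REPOS="git@github.com:example-org/app.git
git@github.com:example-org/infra.git"

ALLOWED_COMMANDS="scripts/build.sh
scripts/test.sh
.buildkite/deploy.sh"

NL='
'

# in_list NEEDLE LIST: succeeds only if NEEDLE is exactly one line of LIST.
# Exact matching rejects extra arguments, chained commands and "../" paths,
# because none of those strings equals an allowlisted entry.
in_list() {
  case "$1" in
    ""|*"$NL"*) return 1 ;;   # empty or multi-line values never match
  esac
  while IFS= read -r item; do
    if [ "$item" = "$1" ]; then return 0; fi
  done <<EOF
$2
EOF
  return 1
}

# check_job REPO COMMAND: both values must be on their allowlists.
check_job() {
  in_list "$1" "$ALLOWED_REPOS" || { echo "repo not allowed: $1" >&2; return 1; }
  in_list "$2" "$ALLOWED_COMMANDS" || { echo "command not allowed" >&2; return 1; }
}

# The agent exports BUILDKITE_REPO and BUILDKITE_COMMAND for each job.
# A non-zero exit from the hook fails the job before the command runs.
# Outside a job (variable unset) the hook does nothing.
if [ -n "${BUILDKITE_COMMAND:-}" ]; then
  check_job "${BUILDKITE_REPO:-}" "$BUILDKITE_COMMAND" || exit 1
fi
```

As the comment above says, this does not constrain anyone who can push to an allowlisted repository, since they can change what the allowlisted scripts do.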