Commands are sourced from the BK instructions, whereas scripts are sourced from your repository. In the case of a malicious job instruction from Buildkite, the option provides a layer of defense. Does that make it clear?
I’ll try to clarify! This option doesn’t provide any protection for people with repository access… like you said, they can just change the executable scripts.
This option is usually used alongside the other options and techniques (e.g. hooks that do whitelisting), when you’re trying to ensure that only things that have been sourced from your repositories are being executed (and not arbitrary commands defined only in Buildkite or by a malicious third party).
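The allowlisting-hook idea mentioned above, as an added example that is not part of the original thread or of Buildkite's code: shell functions an agent hook could call to reject a job whose repository is not allowlisted or whose command is anything other than a path to a script in the checkout. `ALLOWED_REPOS`, the function names and the repository URLs are assumptions made for illustration; `BUILDKITE_REPO`, `BUILDKITE_COMMAND` and `BUILDKITE_BUILD_CHECKOUT_PATH` are environment variables the agent sets.

```shell
#!/usr/bin/env bash
# Added illustration: checks for an agent-side hook that runs after checkout
# (for example hooks/pre-command). Names and URLs below are hypothetical.

# Constructed allowlist, one repository URL per line.
ALLOWED_REPOS="git@github.com:example-org/app.git
git@github.com:example-org/infra.git"

# Succeeds only if the repository URL equals an allowlist entry exactly.
repo_is_allowed() {
  local repo="$1" entry
  while IFS= read -r entry; do
    [ -n "$entry" ] && [ "$repo" = "$entry" ] && return 0
  done <<EOF
$ALLOWED_REPOS
EOF
  return 1
}

# Succeeds only if the command is a single relative path with no shell syntax
# that names a regular, non-symlink file below the checkout directory.
# Symlinked parent directories are not resolved here.
command_is_repo_script() {
  local cmd="$1" checkout="$2"
  case "$cmd" in
    ''|/*|*..*) return 1 ;;          # empty, absolute path, or ".." traversal
    *[!A-Za-z0-9._/-]*) return 1 ;;  # spaces, ; | $ backticks, newlines, etc.
  esac
  [ -f "$checkout/$cmd" ] && [ ! -L "$checkout/$cmd" ]
}

# Combined check; the argument is the checkout directory.
check_job() {
  repo_is_allowed "${BUILDKITE_REPO:-}" ||
    { echo "refusing job: repository not allowlisted" >&2; return 1; }
  command_is_repo_script "${BUILDKITE_COMMAND:-}" "$1" ||
    { echo "refusing job: command is not a repository script" >&2; return 1; }
}

# In the hook itself:
#   check_job "$BUILDKITE_BUILD_CHECKOUT_PATH" || exit 1
```

As the thread notes, this does nothing against someone who can commit to an allowlisted repository; it only narrows what a job definition arriving from outside the repository can make the agent run.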
Can't someone just evaluate things in a script? What value does this option add?