Security Considerations

All user-defined code in ScriptRunner for Bamboo tasks is executed on the Bamboo host instance, even if building locally on the host instance is disabled and builds are configured to only execute on remote agents.

Because user-defined code runs on the Bamboo host instance in the same JVM, it must be assumed that the code has complete access to the instance, equivalent to the access level of a system administrator.

All users who are able to create/modify tasks can configure tasks from ScriptRunner for Bamboo; therefore it should be assumed that code written by these users has complete access to the system.

If you would like to disable the tasks in ScriptRunner for Bamboo entirely, you can do so by following the instructions below:

  • Browse to Manage apps as a global Bamboo administrator 
  • Locate the Adaptavist ScriptRunner for Bamboo app in the list of installed apps and click on the app to expand further information
  • In the expanded section, click the blue text on the right-hand side that says something like X of X modules enabled 
  • An expanded list of modules will be shown
  • Hover over the SR Filtering PreBuild Queued Action module and disable it by clicking the Disable button on the right.
  • Hover over the ScriptRunner Condition Tasks module and disable it by clicking the Disable button on the right.
  • Hover over the ScriptRunner Scriptable Tasks module and disable it by clicking the Disable button on the right.

Once the above modules have been disabled, tasks from ScriptRunner for Bamboo will not be visible for configuration, and any existing task configurations will no longer execute.

Disabled modules will persist across application restart.