Modifying pre-receive hooks on Bitbucket Cloud

Asked 13/5, 2019 at 4:33 Answered 10/11, 2023 at 13:32

We have Bitbucket Cloud not Bitbucket Server. Is there a way to modify the "pre-receive" functions on Bitbucket? Goal is to audit pushes to make sure there's no obvious vulnerabilities before the code is available on Bitbucket. Git-hooks might work but there's not really a way to get them into version control in the same repo - the only way I can think of doing that would be to ssh into a Bitbucket server and modify the remote repo but I don't think you can do that?

My only guess is there might be a way to keep the pre-receive hooks in source control by putting the hook somewhere like this in the repo:

.bitbucket/pre-receive

But it's hard to find any info on this online.

Michelmichelangelo answered 13/5, 2019 at 4:33 Comment(8)

this seems relevant: bitbucket.org/site/master/issues/10471/… – Michelmichelangelo 13/5, 2019 at 4:35

this is how to do it on Github but not Bitbucket (still not obvious how to actually do it on Github tho): help.github.com/en/enterprise/2.16/admin/developer-workflow/… – Michelmichelangelo 13/5, 2019 at 4:35

The GitHub documentation is talking about GitHub Enterprise Server, a product you would install on your own infrastructure. GitHub as in github.com does not support creating pre-receive hooks at all. This is pretty much the norm - no self hosted provider will let you write your own arbitrary code and run it on the same infrastructure that holds your git repo, there's too much danger of you breaking out into other data on the same physical storage. Until someone figures out a foolproof way to do this, you'll need to find another way. – Obannon 24/5, 2019 at 10:58

Ah yes from a security point of view, I can see why they have it that way - writing arbitrary server side code is just not gonna be allowed. I have confidence what you're saying is a good answer, so please make an answer out of your comment? – Michelmichelangelo 29/5, 2019 at 6:37

That being said, if there were some pre-receive plugins that could be used that were certified or christened by Bitbucket, that'd be nice. Mostly people need to scan their own code for vulnerabilities before it makes it to the wrong place on Bitbucket servers. I don't necessarily need custom code, just some plugins. – Michelmichelangelo 29/5, 2019 at 6:39

According to documentation it is possible: You can also write your own hooks. Here are some useful resources to help you get started. confluence.atlassian.com/bitbucketserver/… – Freetown 10/11, 2023 at 13:49

@Freetown if you are confident in that, please add an answer, I will upvote – Michelmichelangelo 10/11, 2023 at 23:50

@AlexanderMills answer added, thanks. I suppose it works, but haven't tried it myself yet. – Freetown 12/11, 2023 at 22:2

Unfortunately, this isn't possible.

The GitHub documentation is talking about GitHub Enterprise Server, a product you would install on your own infrastructure. GitHub as in github.com does not support creating pre-receive hooks at all. This is pretty much the norm amongst the popular cloud git hosting providers - no cloud provider will let you write your own arbitrary code and run it on the same infrastructure that holds your git repo, there's too much danger of you breaking out into other data on the same physical storage.

Until someone develops a safe/sandboxed implementation of server-side hooks, you'll need to find another way.

Full disclosure: I work for Atlassian (though I don't work on Bitbucket Cloud)

Obannon answered 29/5, 2019 at 10:51 Comment(0)

Bitbucket Server

Create a hook

You can also write your own hooks. Here are some useful resources to help you get started.

Details: https://confluence.atlassian.com/bitbucketserver/using-repository-hooks-776639836.html

Beware "Support for Server products ends on Feb. 15, 2024"; reference: https://www.atlassian.com/migration/assess/journey-to-cloud

Bitbucket Cloud

About: "Does Bitbucket Cloud support git pre-receive hooks"

It is not currently possible.

You can vote for and watch https://bitbucket.org/site/master/issues/10471/git-server-side-pre-receive-hook-bb-11418

Current status: "Under Consideration" november/2023

Reference: https://community.atlassian.com/t5/Bitbucket-questions/Does-Bitbucket-Cloud-support-git-pre-receive-hooks/qaq-p/950235

Freetown answered 10/11, 2023 at 13:32 Comment(0)

Recommended topics

Hot tags