Firewall for stack - Blocking unwanted outgoing connections

#1

Description of the feature request

In light of the recent CodeCov security breach, data was sent from CI machines to an external IP address. For many developers/organisations, the endpoints (IP and/or DNS) which a CI image needs to contact are known to the developers.
I would like to suggest that there be a security option on Bitrise, only accessible by a user with the appropriate access level (e.g. admin), where a set of approved IPs and/or DNS names could be defined. Much like a setup of e.g. IPTables on the image that is run. This is an option that is optional to use for those not caring about said security.

Use case / for what or how I would use it

In this manner any future instance of a similar problem would be prohibited, because the IP address to which data is being leaked would be blocked by default since said IP would not be whitelisted.

User story

As an administrator I would like to be able to choose to block all outgoing connections except for those that I whitelist and those that are needed in order for the CI to run properly. I would only want other admins to be able to change this. This may not be able to be changed on the CI environment at runtime.
As an administrator I would like to be able to whitelist these IP addresses using the Bitrise GUI.

0 Likes
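The default-deny egress policy requested above, sketched as an added example (not part of the original post and not Bitrise code): a POSIX shell generator that turns an allowlist into an `iptables-restore` ruleset. The function names and sample addresses are assumptions made for illustration, and only IPv4 addresses and CIDR blocks are accepted.

```shell
#!/bin/sh
# Added example (not Bitrise code): build a default-deny egress ruleset in
# iptables-restore format from an allowlist of IPv4 addresses / CIDR blocks.

# Return 0 if $1 is a valid IPv4 address or CIDR block, 1 otherwise.
is_ipv4_cidr() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read allowlist entries from stdin, one per line ('#' comments and blank
# lines are skipped), and print the ruleset. Fails closed: any invalid
# entry aborts with status 1 before a single rule is printed.
gen_egress_rules() {
    rules=''
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$entry" ] || continue
        if ! is_ipv4_cidr "$entry"; then
            echo "invalid allowlist entry: $entry" >&2
            return 1
        fi
        rules="${rules}-A OUTPUT -d $entry -j ACCEPT
"
    done
    printf '%s\n' '*filter' ':OUTPUT DROP [0:0]' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# Constructed sample allowlist (documentation address ranges, not real hosts).
gen_egress_rules <<'EOF'
192.0.2.10
198.51.100.0/24   # artifact store
EOF
```

The printed ruleset can be loaded with `iptables-restore` by a privileged process before the build starts. DNS names are rejected on purpose, because iptables resolves a hostname only once, when the rule is inserted, so a name-based allowlist needs a separate resolver or proxy layer.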