Status: Closed (View Workflow)
Fix Version/s: None
BitBucket should provide information regarding which authenticated user is responsible for each commit being on the server.
Authentication is not done on the commit author, authentication is done on the push.
For example, a BitBucket Server git repository "my-git-repo" has a commit with the author reported as "Mickey Mouse". There is no account for "Mickey Mouse" in BitBucket Server. Which authenticated user put that commit on the BitBucket Server?
We are not looking for push traceability. We are looking for tool integrity concerning accountability in maintenance of company source code.
Currently, users can create commits as another team member (or any entity with access) and push those commits to the bitbucket server without accountability.
This poses a risk to customers.
Increasing log levels and/or tracking IP is not sufficient.
The ability to add write access keys without being tied to an id should be implemented as well in this regard.