• Database

• Number of unsuccessful login attempts
• Password reset token sent to the user
• Information to support "remember me" feature

User permission

• UI
• REST API
• Database

• Username may be displayed on any bamboo permission screen:
  • global permissions
  • project permissions
  • plan permissions
  • deployment project permissions

• UI
• REST API
• Database

• Commits and their authors
• Source of this data is an external source code repository
• It's stored in a database for various features (most importantly, to show what was build by a job which is within the deployment version release, set failed build responsible person)
• It's retrieved and cached by the server during plan change detection
• It's retrieved and cached by an agent during checkout task within a job

• UI
• REST API
• Database

• Users may add comments to build results
• Author of comment is stored and displayed to others who have the view access to this result.

• UI
• Database

• It's a build result property
• It tracks which user is responsible for build failure
• It is set automatically based on commit author, can also be set/changed manually

• Database

• Favourite builds are kept in the database ordered by username
• From UI, a user can see only their favorite builds
• SQL database can retrieve usernames

• UI
• REST API
• Database

• Deployment version can be approved by a user.

• Filesystem

• Whenever any domain object is created or modified in Bamboo, Lucene documents are created; these documents contain the contents from the fields of that object.
• Here are examples of domain objects: plan, result, deployment project, deployment version, environment, release.
• Here are examples of fields that are put into Lucene: name and description of an object, label name, repository commit id, artifact link, custom build data, trigger reason etc.
• More information in https://confluence.atlassian.com/bamboo/reindexing-data-289277251.html.

• UI
• REST API
• Filesystem

• Artifacts are files that are produced and associated with build results.
• Artifacts may contain any arbitrary information, including personal data.
• More information in https://confluence.atlassian.com/bamkb/artifacts-in-bamboo-server-829052138.html.

Application Logs

• ${bamboo_home}/log/*
• access_log
• catalina.out

• Filesystem

• Logs various aspects of Bamboo operations for troubleshooting purposes.
• May contain any arbitrary information, including user information.

Agent logs

• atlassian-bamboo-agent.log
• atlassian-bamboo.log
• bamboo-elastic-agent.out

• UI
• Filesystem

• Logs various aspects of Bamboo agent operations for troubleshooting purposes.
• May contain any arbitrary information, including user information.

• UI
• Filesystem

• They are part of build result product produced during a build.
• May contain any arbitrary information, including user information.

• UI
• REST API
• Database

• Provides an audit trail of configuration changes, including user information.
• More information in https://confluence.atlassian.com/bamboo/tracking-changes-to-your-bamboo-server-405046591.html.

• Filesystem

• Contains the entire contents of the Bamboo database for archival purposes.
• Backups contain the entire suite of personal data provided to Bamboo.
• More information in https://confluence.atlassian.com/bamboo/exporting-data-for-backup-289277255.html.

• Filesystem

• Collects configuration information from Bamboo and various logs for transmission to Atlassian Support.
• Logs may contain personal data.
• More information in Create a Support Zip.

Database

Mail Server

Client Systems

• Database
• External Systems

• Notifications to users about finishing builds, failing builds, adding comments to results, changing people responsible for results failing.
• Notifications are pluggable, so third-party plugins may change this behavior.
• Notifications may include any arbitrary information, including personal data.
• Emails are stored internally in Bamboo, and contents will be stored on the email server and/or email clients.

Database

IM Server

Client Systems

• Database
• External Systems

• Notifications to users about finishing builds, failing builds, adding comments to results, changing people responsible for results failing.
• Notifications are pluggable, so third-party plugins may change this behavior
• Notifications may include any arbitrary information, including personal data.
• IM addresses are stored internally in Bamboo, and contents will be stored on the IM server and/or IM clients.

External Systems (Gravatar)

• External Systems

• Avatar is displayed in Bamboo through Gravatar service
• Bamboo Server is not storing avatar - it's handled directly with user browser

• Database

• Stores user details including username, full name, email address.

Memory

Filesystem

• Filesystem
• Memory

• Store data in memory to speed-up lookups (no expensive DB access needed)
• Server restart will clean/refresh this data

Database

Filesystem

Other

• UI
• REST API

• Different type of plugins - any functionality can be implemented within a plugin.
• It must be analysed case by case basis

Database

External directory

• UI
• REST API

• Used for categorizing users. There is a possibility to store PD in group names if e.g. group name contains a reference to religion/race/gender and there are some uses assigned to that group.

• UI

• Reason of the build contains full username for most build triggers

• UI

• Usually reports show time or numbers in the aggregated form
• Third-arty reports can for example aggregate data by user etc.