Why is allowing unsigned scripts to run a requirement for Windows Runners

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

On the Bitbucket Pipelines Runners Minimum Requirements specification page, it is essential for Windows Runners that unsigned scripts are permitted to execute in PowerShell. This is crucial for the proper working of Runner.

For further details, please refer to https://support.atlassian.com/bitbucket-cloud/docs/runners/.

This page provides an explanation of the necessity of this requirement for Windows Runners.

Environment

Bitbucket Pipeline Windows Runner

Solution

For each build, there are a couple of situations where the Windows Runner will generate new scripts during its execution:

  • During the repository clone, a script is generated that will clone the repository depending on the flags set in your bitbucket-pipelines.yml file

  • For each step of the Pipelines, a new script is generated as well.

Since these scripts are generated when the Pipelines build is executed, it's impossible for the scripts to run in your Windows host to be digitally signed. As such, it's a requirement to allow unsigned scripts in your Windows Runner host.

To help you navigate this process, the following page provides clear guidance on how you can allow unsigned scripts in your Windows host:

https://support.atlassian.com/bitbucket-cloud/docs/set-up-runners-for-windows/#Allow-unsigned-scripts-to-run-in-PowerShell

Updated on April 14, 2025
Platform
Cloud only
Product
Bitbucket Cloud
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community