DevSecOps with Bitbucket Cloud

Join Snyk and Atlassian for this hands-on virtual workshop, where we will guide you through implementing security best practices early in your workflow to build an automated and secure Continuous Integration (CI) & Continuous Delivery (CD) pipeline.


You will begin this workshop as the newest member of a Mythical 500 company: Mythical Mysfits. It's your first day in the office and your predecessor(s) hastily (i.e. manually) deployed an "enterprise-ready" piece of software for group collaboration: goof. According to your colleagues, goof became wildly popular as "The BESTest todo app evar". You, however, are skeptical. Fortunately, your company also recently purchased Snyk and Atlassian Bitbucket Cloud!
In this workshop, you will learn patterns for shift-left security leveraging Atlassian Bitbucket, Bitbucket Pipelines, and Snyk. These techniques will enable you to implement scanning of your container-based workloads running on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Registry (ECR). You will also learn how to use these patterns to release features and functionality at a faster pace that includes security at each step.

Learning Objectives

Intended Audience

  • Developers
  • Security/Application Teams
  • DevOps/DevSecOps Engineers
  • Cloud/Solutions Architects

Content Structure

We have structured the various subjects covered in this workshop into specific modules. Each module will provide context on the theory behind the techniques presented as well as hands-on examples.

Module 1 - Scanning & monitoring application source code

Enable the Snyk Open Source integration to Bitbucket and import your SCM project. Understand transitive dependencies and how Snyk can generate automatic pull requests to streamline your process.

Module 2 - Scanning & monitoring container images

Enable the Snyk Container integration to Amazon Elastic Container Registry (ECR) and import your container images. Learn how Snyk provides base image upgrade recommendations.

Module 3 - Scanning & monitoring for insecure Kubernetes configurations

Install the Snyk controller on Amazon Elastic Kubernetes Service (Amazon EKS) and add workloads for scanning. Understand test results, how to interpret Snyk's Priority Score, and how to fix configuration issues.

Module 4 - Fixing known issues & monitoring

In this module, you will go through guided exercises that demonstrate how to fix vulnerabilities and insecure configurations. You will apply what you learned in the previous modules and apply fixes to your application, container image, and Kubernetes configuration to secure your application.

To make the most effective use of this content, you should be able to run basic Unix commands. You should also be familiar with AWS services and basic cloud concepts, and have a general understanding of software development methodologies.