Bitbucket Data Center/Server integration

The Snyk Bitbucket Data Center/Server integration allows you to continuously perform security scanning across all the integrated repositories, detect vulnerabilities in your open-source components, and use automated fixing. This integration supports Bitbucket Data Center/Server versions 4.0 and above.

Feature availability This feature is available with Enterprise plans. See pricing plans for more details.

For a quick reference, see the Snyk and Bitbucket best practices cheat sheet on the Snyk blog.

Setting up a Bitbucket DC/Server Integration

To give Snyk access to your Bitbucket DC/Server account, set up a dedicated service account in Bitbucket DC/Server with admin permissions. Visit Bitbucket Server documentation to learn more about creating users. Make sure the newly-created user has Admin permissions to all the repositories you need to monitor with Snyk.
In Snyk, go to the Integrations page and click on the Bitbucket Server card.
Enter your Bitbucket DC/Server URL and the username and password for the service account you created. Alternatively, you can create a personal access token and use it instead of a password.
Save your changes. Snyk connects to your Bitbucket DC/Server instance. When the connection succeeds, a confirmation message appears on your integrations screen.

Importing Projects

To select the repositories for Snyk to monitor:

Click Add your Bitbucket Server repositories to Snyk to start importing repositories to Snyk.
When prompted, select the repositories to import to Snyk and click Add selected repositories.

After you add them, Snyk scans the selected repositories for dependency files in the entire directory tree, (that is, package.json, pom.xml, and so on) and imports them to Snyk as projects. The imported projects appear in your Projects page and are continuously checked for vulnerabilities.

Bitbucket DC/Server Integration Features

After the integration is in place, you can use capabilities such as:

Project-level security reports

Snyk produces advanced security reports that let you explore the vulnerabilities found in your repositories and fix them immediately by opening a fix pull request directly to your repository, with the required upgrades or patches.

The example that follows showsa project-level security report.

Project monitoring and automatic fix Pull Requests

Snyk scans your Projects on either a daily or a weekly basis. When new vulnerabilities are found, Snyk notifies you by email and by opening automated Snyk Pull Requests with fixes for your repositories.

The example that follows shows a fix Pull Request opened by Snyk.

To review and adjust the automatic fix pull request settings:

In Snyk, go to (Organization settings) > Integrations > Source control > Bitbucket Server, and click Edit Settings.
Scroll to the Automatic fix PRs section and configure the relevant options.

Snyk pull requests are automatically assigned to the default reviewer set in your Bitbucket Server/Data Center account.

Unlike manual pull requests opened from the Bitbucket interface, for the Snyk Bitbucket Cloud integration, Snyk pull requests are not automatically assigned to the default reviewer set in your Bitbucket Cloud account.

For more information, see Automated pull request creation for new fixes.

Pull request tests

Snyk tests any newly-created pull request in your repositories for security vulnerabilities and sends a build check to Bitbucket DC/Server. You can see directly from Bitbucket DC/Server whether or not the pull request introduces new security issues.

The example that follows shows a Snyk pull request build check on the Bitbucket DC/Server Pull Request page.

To review and adjust the pull request tests settings:

In Snyk, go to (Organization settings) > Integrations > Source control > Bitbucket Server and click Edit Settings.
Scroll to Default Snyk test for pull requests > Open Source Security & Licenses, and configure the relevant options.

Configure PR Checks for your integration

Required permissions scope for the Bitbucket DC/Server integration

Snyk performs all the operations in Bitbucket DC/Server on behalf of the integrated service account.

For Snyk to perform the required operations on monitored repositories, such as reading manifest files on a frequent basis and opening fix or upgrade PRs, the integrated Bitbucket DC/Server service account needs Admin permissions on the imported repositories.

Action

Purpose

Required permissions on the repository

Daily / weekly tests

Used to read manifest files in private repositories.

Write or above

Snyk tests on pull requests

Used to send pull request status checks when a new PR is created or an existing PR is updated.

Write or above

Opening fix and upgrade pull requests

Used to create fix PRs in monitored repositories.

Write or above

Snyk tests on pull requests - initial configuration

Used to add SCM webhooks to the imported repos. Snyk uses these webhooks to:

Track the state of Snyk pull requests when PRs are created, updated triggered, merged, and so on.
Send push events to trigger PR checks.

Admin

Disabling the Bitbucket Data Center/Server integration

ProjectsWhen you disconnect Snyk from your repository projects, your credentials are removed from Snyk, and any integration-specific Projects that Snyk is monitoring are deactivated in Snyk. If you choose to re-enable this integration later, you must re-enter your credentials and activate your projects.

To disable this integration, in (Organization settings) > Integrations, follow these steps:

In your list of integrations, select the Bitbucket integration you want to deactivate and click Edit settings to open a page with the current status of your integration. The page includes sections that are specific to each integration, where you can manage your credentials, API key, Service Principal, or connection details.
Scroll to the relevant section and click Remove Bitbucket Server.

PreviousBitbucket Cloud App integration NextGitLab integration

Last updated 2 years ago

Was this helpful?