Git: Bitbucket Cloud & Bitbucket Server
Test: Snyk detects known vulnerabilities in the Bitbucket code repository and rescans it daily to catch newly disclosed vulnerabilities.
Fix: Snyk calculates the minimal upgrade required to fix the vulnerability. For vulnerabilities in transitive dependencies, Snyk calculates the minimal upgrade of the direct dependency through which the vulnerable package was introduced. Then Snyk automatically populates a fix pull request with the required upgrades or patches, all from within the Bitbucket workflow.
Prevent: Snyk ensures developers’ pull requests do not introduce new open source vulnerabilities.
Build, CI/CD: Bitbucket Pipes
Test: Snyk Pipe scans your application dependencies and Docker images for open source vulnerabilities.
Fix & Patch: Snyk Pipe includes a patch module that remediates application vulnerabilities using Snyk’s precision patches. For Docker images, Snyk recommends the most secure alternative base image.
Prevent: Snyk Pipe gates the pipeline according to the configuration set by the user; for example, failing the build when high severity vulnerabilities are found.
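As an added illustration of the gating step described above (this is example configuration written for this page, not Snyk's or Atlassian's own documentation), the following bitbucket-pipelines.yml runs the Snyk Pipe on a Node.js project and fails the build only when a vulnerability of high severity or above is found. The pipe version tag, the variable names (SEVERITY_THRESHOLD, DONT_BREAK_BUILD, MONITOR) and the repository variable holding the API token are assumptions based on the pipe's published interface; check them against the current pipe README before use.

```yaml
# bitbucket-pipelines.yml (constructed example; verify pipe version and variables)
image: node:18

pipelines:
  default:
    - step:
        name: Install dependencies
        caches:
          - node
        script:
          - npm ci
    - step:
        name: Snyk open source scan
        script:
          # Pipe version is a placeholder; pin to a real released tag.
          - pipe: snyk/snyk-scan:0.0.0-PLACEHOLDER
            variables:
              SNYK_TOKEN: $SNYK_TOKEN          # repository variable, marked as secured
              LANGUAGE: "node"
              # Gate: only issues at this severity or higher fail the step.
              SEVERITY_THRESHOLD: "high"
              # false = a failing test breaks the build (the weak setting
              # would be DONT_BREAK_BUILD: "true", which only reports).
              DONT_BREAK_BUILD: "false"
              # Take a snapshot so the project is monitored after the build.
              MONITOR: "true"
```

Keeping DONT_BREAK_BUILD at "false" is what makes this a gate rather than a report; with SEVERITY_THRESHOLD set to "high", medium and low findings are still listed in the log but do not block the merge or deployment.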
Deployment
Monitor: Snyk saves a snapshot of the dependencies of the deployed application, monitors it and sends notifications for new issues.
First-to-update: Snyk’s vulnerability database is constantly updated with new vulnerabilities to ensure the best coverage for users.
Ongoing Alerts
Jira Integration: Throughout the workflow, Snyk lets developers highlight and track vulnerabilities by opening a Jira ticket for them.