security for Bitbucket Cloud development

Announcing enhanced end-to-end security for Bitbucket Cloud development workflows

June 4, 2020 | in Partners
| By Daniel Berman

We’re excited to share that we’ve expanded our collaboration with Atlassian and have enhanced Snyk’s integration with Bitbucket Cloud. These enhancements make it easier than ever for developers to find, fix, and monitor vulnerabilities in open source dependencies throughout the Bitbucket Cloud development workflow.

With the goal of removing friction for developers and simplifying DevOps adoption, Snyk is excited to take part in Atlassian’s DevOps launch, featuring 12 new integrations that help developers take their time back to ship better code. 

Spoiler alert: Atlassian also believes testing while coding is critical to developer speed and reliability and sustaining DevOps ideals! 

Building on the Bitbucket integration we first released in 2018, this expanded collaboration takes Snyk’s integration with Bitbucket Cloud up a few notches and includes three major improvements (and one bonus offer to sweeten the deal):

  • Snyk now supports Code Insights for Bitbucket Cloud, enabling users to gain visibility into security vulnerabilities in their open source dependencies, right down to the line-level.
  • We’ve enhanced the Snyk Pipe—used for scanning for vulnerabilities as part of Bitbucket’s CI/CD pipelines—to support Code Insights as well.
  • Knowing that developers don’t like lock-in and often prefer best-of-breed tools, Atlassian has created a special promotion for Bitbucket users that includes Snyk, AWS, and Sentry. As part of the special offer, we’re offering free unlimited Snyk tests for public and private Git repositories and container images hosted on Bitbucket Cloud. From now through June 30, 2020, Bitbucket users that upgrade to either the Standard or Premium plans, can redeem our special offer by signing up for Snyk via this link
  • Non-Snyk users can run Snyk security scans on their pull requests and view results in Code Insights with the help of a brand new Snyk Security Connect App on the Atlassian Marketplace. Install the app in just a few clicks to get started.

Gaining early security insight into pull requests

Code Insights allows Bitbucket Cloud users to view code quality and security issues throughout the development lifecycle. It does this with the help of third-party, specialized tools. These tools are responsible for both analyzing your code and for providing detailed reports to show a summary of the analysis, together with annotations that help you identify and address issues more efficiently. 

Snyk’s new integration with Code Insights allows you to view the results of Snyk’s security scanning as part of your natural development flow. As soon as new pull requests are opened, Snyk scans them for new vulnerabilities and license issues and shows detailed annotations next to each change that introduces a new issue. This allows developers to take fast, effective, and data-informed remediation steps, all from within the Bitbucket user interface.  

Full security visibility into Bitbucket Cloud pipelines

Bitbucket Pipes allows users to customize and automate their Bitbucket CI/CD pipelines using ready-to-use tasks or “pipes”. Last March, we introduced a dedicated Snyk pipe that allows Bitbucket users to add automated security testing into their CI/CD pipelines as well. 

By adding just a few configuration lines into their bitbucket-pipelines.yml, developers are able to scan their dependencies for vulnerabilities automatically, as part of their CI/CD workflow. If vulnerabilities are found, the Snyk pipe gates the process according to the configuration set by the user. 

The enhanced integration with Bitbucket Cloud now enables users to see the results of Snyk’s security testing, executed as part of their automated pipelines, in detailed Code Insights reports.

Easy setup with the Snyk Connect App

We’re thrilled to inform Bitbucket Cloud users that Snyk’s security testing and Code Insights integration is available for easy installation via a new dedicated Connect App. 

The Snyk Connect App allows Bitbucket Cloud users to scan pull requests for vulnerabilities with Snyk, and gain early security insights with Code Insights, all in just a few simple clicks and without requiring to sign up for Snyk.

Clicking on a vulnerability displayed in the Code Insights report leads users to Snyk’s public vulnerability database which provides the context and information required to facilitate further investigation.

The app will initially support security insights only, for npm and Java (both Maven and Gradle). Support for additional languages will be rolled out soon so stay tuned.

Enjoy free unlimited tests!

Recognizing Snyk as a best-in-class partner for security, Atlassian has created a special promotional offer available to Bitbucket users through the end of June. The offer includes free and unlimited Snyk tests for public and private Git repositories and container images hosted on Bitbucket Cloud. To redeem this offer, all you have to do is sign up for Snyk via this link before the end of June. 

More for information on Snyk’s various integrations for Atlassian, check out the following resources:

Safe coding!