Finding open source vulnerabilities within the Bitbucket workflow

Written by:
Noa Korem
Noa Korem

January 22, 2019

0 mins read

Snyk is happy to implement code insights, a new functionality by Bitbucket, to allow Bitbucket Server users to view detailed results of Snyk’s vulnerability scan, all within Bitbucket itself.

Watch a short demo showing the new integration:

Integration of Snyk with Bitbucket Server allows developers to protect their code from any open source vulnerabilities as part of their daily workflow. Snyk scans all opened pull requests to ensure they aren’t introducing new open source vulnerabilities, and can block such pull requests from being merged. Snyk also scans repositories daily to test for newly disclosed vulnerabilities.

With the implementation of code insights, developers can analyze the scan results from within their regular workflow in Bitbucket, without having to move away to Snyk for a deeper analysis. In Bitbucket’s pull request interface the changes are scanned by Snyk for new vulnerabilities and you can view in-line detailed annotations next to each change that introduces a new issue. These annotations make it easier to understand the results of Snyk’s scan and support informed decisions, as demonstrated in the following images.

The following image displays detailed scan results of a new pull request, including details of the vulnerabilities found:


The following image displays in-line annotation of the vulnerabilities:


With code insights in place, Snyk is now fully equipped to integrate with your Atlassian workcycle. Starting with securing the code management process, Snyk tests, fixes and monitors your projects in Bitbucket server (see more information here about How to install Snyk with Bitbucket Server). You can also secure the Build and Deploy processes with the Snyk integration to the Bitbucket pipeline. Stay Secure!

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo