We use cookies to ensure you get the best experience on our website.Read moreRead moreGot it

close
  • Products
    • Products
      • Snyk Open Source (SCA)
        Avoid vulnerable dependencies
      • Snyk Code (SAST)
        Secure your code as it’s written
      • Snyk Container
        Keep your base images secure
      • Snyk Infrastructure as Code
        Fix misconfigurations in the cloud
    • Platform
      • What is Snyk?
        See Snyk’s developer-first security platform in action
      • Developer Security Platform
        Secure all the components of the modern cloud native application in a single platform
      • Security Intelligence
        Access our comprehensive vulnerability data to help your own security systems
      • License Compliance Management
        Manage open source license usage in your projects
    • Self-paced security education with Snyk Learn
  • Resources
    • Using Snyk
      • Documentation
      • Vulnerability intelligence
      • Product training
      • Customer success
      • Support portal & FAQ’s
    • learn & connect
      • Blog
      • Community
      • Events & webinars
      • DevSecOps hub
      • Developer & security resources
    • Self-paced security education with Snyk Learn
  • Company
    • About Snyk
    • Customers
    • Partners
    • Newsroom
    • Snyk Impact
    • Contact us
    • Jobs at Snyk We are hiring
  • Pricing
Log inBook a demoSign up
All articles
  • Application Security
  • Cloud Native Security
  • DevSecOps
  • Engineering
  • Partners
  • Snyk Team
  • Show more
    • Vulnerabilities
    • Product
    • Ecosystems
Finding open source vulnerabilities within the Bitbucket workflow
EcosystemsProduct

Finding open source vulnerabilities within the Bitbucket workflow

Noa KoremJanuary 22, 2019

Snyk is happy to implement code insights, a new functionality by Bitbucket, to allow Bitbucket Server users to view detailed results of Snyk’s vulnerability scan, all within Bitbucket itself.

Watch a short demo showing the new integration:

Integration of Snyk with Bitbucket Server allows developers to protect their code from any open source vulnerabilities as part of their daily workflow. Snyk scans all opened pull requests to ensure they aren’t introducing new open source vulnerabilities, and can block such pull requests from being merged. Snyk also scans repositories daily to test for newly disclosed vulnerabilities.

If a new vulnerability was found, not only will Snyk alert about the newly found vulnerability, but it will also open a Fix pull request, including suggested upgrades or Snyk’s precision patches to fix the vulnerability.

With the implementation of code insights, developers can analyze the scan results from within their regular workflow in Bitbucket, without having to move away to Snyk for a deeper analysis. In Bitbucket’s pull request interface the changes are scanned by Snyk for new vulnerabilities and you can view in-line detailed annotations next to each change that introduces a new issue. These annotations make it easier to understand the results of Snyk’s scan and support informed decisions, as demonstrated in the following images.

The following image displays detailed scan results of a new pull request, including details of the vulnerabilities found:

The following image displays in-line annotation of the vulnerabilities:

With code insights in place, Snyk is now fully equipped to integrate with your Atlassian workcycle. Starting with securing the code management process, Snyk tests, fixes and monitors your projects in Bitbucket server (see more information here about How to install Snyk with Bitbucket Server). You can also secure the Build and Deploy processes with the Snyk integration to the Bitbucket pipeline.

Stay Secure!

Log4Shell resource center

We’ve created an extensive library of Log4Shell resources to help you understand, find and fix this Log4j vulnerability.

Browse Resources
Footer Wave Top
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment
Develop Fast.
Stay Secure.
Snyk|Open Source Security Platform
Sign up for freeBook a demo

Product

  • Developers & DevOps
  • Vulnerability database
  • Pricing
  • Test with GitHub
  • API status
  • IDE plugins
  • What is Snyk?

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Company

  • About
  • Snyk Impact
  • Customers
  • Jobs at Snyk
  • Snyk for government
  • Legal terms
  • Privacy
  • Press kit
  • Events
  • Security and trust
  • Do not sell my personal information

Connect

  • Book a demo
  • Contact us
  • Support
  • Report a new vuln

Security

  • JavaScript Security
  • Container Security
  • Kubernetes Security
  • Application Security
  • Open Source Security
  • Cloud Security
  • Secure SDLC
  • Cloud Native Security
  • Secure coding
  • Python Code Examples
  • JavaScript Code Examples
Snyk|Open Source Security Platform

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Track our development

© 2022 Snyk Limited
Registered in England and Wales
Company number: 09677925
Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, RG7 1NT.
Footer Wave Bottom