Finding open source vulnerabilities within the Bitbucket workflow

Securing Bitbucket Cloud with Snyk

April 4, 2019 | in Product
| By Ariel Ornstein

We are excited to share that, starting today, developers can import, test, fix and monitor their Bitbucket Cloud projects for open source vulnerabilities.

Snyk is developer-focused, and it is the only solution that provides *native* testing and fixing of open source dependencies for Bitbucket Cloud. Our vision is to help developers take ownership of securing their projects without slowing down, by integrating with their ongoing development process rather than adding a separate step to it.

Find, fix and monitor vulnerabilities using Bitbucket Cloud

First, Snyk detects existing vulnerabilities in your projects by scanning the Bitbucket repositories, covering all the languages already supported by the existing Snyk Git integrations. Each detected vulnerability is shown with the context that speeds up triage: the dependency path through which it was introduced and, where known, the vulnerable function within the package.

The following image displays an imported Node.js project from Bitbucket Cloud with vulnerability test results from within our app:

Snyk also checks that developers' pull requests do not introduce new open source vulnerabilities: each new pull request is scanned within Bitbucket before it is merged. Policies define the minimum severity at which a newly introduced vulnerability fails the PR check and blocks the merge.

The following image displays a failed PR due to new vulnerabilities that it would have added:

Detecting vulnerabilities is just the beginning; developers also get triage analysis and automated fixes. Snyk calculates the required fix for both direct and transitive dependencies (for a transitive one, this is an upgrade of the direct dependency that pulls it in, since the vulnerable package itself is not in the manifest) and opens a fix pull request with the required upgrades or patches, all from within the Bitbucket workflow.

The following image displays a fix PR created by Snyk which fixes 35 vulnerabilities:
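The two policy decisions described above, failing a PR at or above a severity threshold and grouping fixes so that a transitive vulnerability maps to an upgrade of the direct dependency that pulls it in, as an added Python example. This is not Snyk's own code or code from the original post. It assumes the report has the documented shape of `snyk test --json` output (a top-level `vulnerabilities` list whose entries carry `severity`, `from`, `isUpgradable`, `isPatchable` and `upgradePath`); the sample report, its ids, package names and versions are constructed for illustration.

```python
"""Gate a pull request on Snyk test results and summarise the fix actions.

Added example, not Snyk's code. Assumption: the report has the shape of
`snyk test --json` output (top-level "vulnerabilities" list; each entry has
"id", "severity", "packageName", "version", "from" (dependency path, root
first), "isUpgradable", "isPatchable" and "upgradePath", which is aligned
with "from" and has False in the root position). The sample below, including
its ids, package names and versions, is constructed for illustration.
"""
import json
import sys

# Severity order for threshold comparison. "critical" appears in newer Snyk
# output; the scale at the time of this post was low/medium/high.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample report (not real scan output).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {   # direct dependency, fixable by upgrading it
            "id": "SAMPLE-0001", "severity": "high",
            "packageName": "pkg-a", "version": "1.0.0",
            "from": ["myapp@1.0.0", "pkg-a@1.0.0"],
            "isUpgradable": True, "isPatchable": False,
            "upgradePath": [False, "pkg-a@1.2.0"],
        },
        {   # transitive dependency, fixed by upgrading the direct dep pkg-b
            "id": "SAMPLE-0002", "severity": "medium",
            "packageName": "pkg-c", "version": "2.0.0",
            "from": ["myapp@1.0.0", "pkg-b@3.0.0", "pkg-c@2.0.0"],
            "isUpgradable": True, "isPatchable": False,
            "upgradePath": [False, "pkg-b@3.1.0", "pkg-c@2.0.1"],
        },
        {   # no upgrade available, but a Snyk patch exists
            "id": "SAMPLE-0003", "severity": "low",
            "packageName": "pkg-d", "version": "0.5.0",
            "from": ["myapp@1.0.0", "pkg-d@0.5.0"],
            "isUpgradable": False, "isPatchable": True,
            "upgradePath": [],
        },
        {   # neither upgrade nor patch: needs a policy decision, not a fix PR
            "id": "SAMPLE-0004", "severity": "high",
            "packageName": "pkg-e", "version": "7.0.0",
            "from": ["myapp@1.0.0", "pkg-b@3.0.0", "pkg-e@7.0.0"],
            "isUpgradable": False, "isPatchable": False,
            "upgradePath": [],
        },
    ],
})


def load_report(text):
    return json.loads(text)


def failing_vulns(report, threshold):
    """Vulnerabilities at or above the policy's severity threshold."""
    floor = SEVERITY_RANK[threshold]
    return [v for v in report.get("vulnerabilities", [])
            if SEVERITY_RANK.get(v.get("severity"), 0) >= floor]


def should_fail_merge(report, threshold="high"):
    """PR gate: True when the scanned change carries a vuln at/above threshold."""
    return bool(failing_vulns(report, threshold))


def version_tuple(v):
    return tuple(int(p) for p in v.split("."))


def fix_plan(report):
    """Group remediation by action, the way a fix PR would be assembled.

    A transitive vulnerability cannot be fixed by editing the manifest entry
    of the vulnerable package (it has none); the fix is the upgrade of the
    direct dependency that pulls it in, upgradePath[1]. Several vulns can
    therefore collapse into one upgrade line.
    """
    plan = {"upgrade": {}, "patch": [], "unfixed": []}
    for v in report.get("vulnerabilities", []):
        path = v.get("upgradePath") or []
        if v.get("isUpgradable") and len(path) > 1:
            name, _, new_version = path[1].rpartition("@")   # e.g. pkg-b@3.1.0
            current = plan["upgrade"].get(name)
            # if two vulns want different versions of the same direct dep,
            # keep the higher one (assumed to cover both)
            if current is None or version_tuple(new_version) > version_tuple(current):
                plan["upgrade"][name] = new_version
        elif v.get("isPatchable"):
            plan["patch"].append(v["id"])
        else:
            plan["unfixed"].append(v["id"])
    return plan


if __name__ == "__main__":
    # usage: python gate.py [report.json] [threshold]; with no file argument
    # the constructed sample is used
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    threshold = sys.argv[2] if len(sys.argv) > 2 else "high"
    report = load_report(text)
    for v in failing_vulns(report, threshold):
        print("FAIL %s %s in %s" % (v["severity"], v["id"], " > ".join(v["from"])))
    print("fix plan:", json.dumps(fix_plan(report)))
    sys.exit(1 if should_fail_merge(report, threshold) else 0)
```

In a pipeline step this runs as `snyk test --json > snyk.json; python gate.py snyk.json high`, and the non-zero exit fails the build. The Snyk CLI's own `--severity-threshold` flag gates on severity natively; a script like this is only worth having when the decision must combine severity with other fields, such as whether a fix exists at all (SAMPLE-0004 above is high severity with no upgrade or patch, which is a policy question rather than something a fix PR can resolve).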

Snyk then re-tests the imported repositories daily against newly disclosed vulnerabilities, so a dependency that was clean when it was merged is flagged as soon as a vulnerability in it is published. Snyk's vulnerability database is regularly updated to keep that coverage current.

Securing Bitbucket Developer workflow end-to-end

With support for Bitbucket Cloud, Snyk now secures the entire developer workflow in Bitbucket by:
Integrating with Bitbucket Server and Bitbucket Cloud
Gating builds in Bitbucket Pipelines, where the Snyk pipe scans for vulnerabilities and can fail the build
Fixing application and Docker image vulnerabilities before they are pushed to the production environment
Monitoring after deployment on an ongoing basis.

The following image displays the Bitbucket Cloud pipeline build results when using the Snyk pipe:


Getting started

Add the new Bitbucket Cloud integration by visiting our Integrations page or read more about it in our Bitbucket Cloud integration documentation.

Atlassian Summit

Snyk will be participating in the upcoming Atlassian Summit (April 9-11 in Las Vegas) and showcasing its full solution for Bitbucket. Stop by booth 102 or book a meeting here.

Stay secure!