Snyk Blog

Securing Bitbucket Cloud with Snyk

Written by:
Ariel Ornstein
Ariel Ornstein
wordpress-sync/Finding-open-source-vulnerabilities-within-the-Bitbucket-workflow-tumb

April 4, 2019

0 mins read

We are excited to share that starting today, developers can import, test, fix and monitor their Bitbucket Cloud projects for open source vulnerabilities.

Being developer-focused, Snyk is the only solution to provide native testing and fixing of open source dependencies for Bitbucket Cloud. Our vision is to help developers take ownership of securing their projects without slowing down by integrating with the ongoing development process.

Find, fix and monitor vulnerabilities using Bitbucket Cloud

First, Snyk helps you detect existing vulnerabilities in your projects by scanning the Bitbucket repositories, covering all the languages already supported by existing Snyk Git integrations. Each vulnerability that is detected is displayed including enriched content about the context in which it was introduced and the vulnerable function within the package, thereby accelerating triaging.

The following image displays an imported Node.js project from Bitbucket Cloud with vulnerability test results from within our app:

wordpress-sync/BBC-post-1

Snyk also ensures developers’ pull requests do not introduce new open source vulnerabilities. Each new pull request is scanned within Bitbucket before being merged to verify that the PR does not introduce new vulnerabilities. Policies can be defined to configure the severity level of a vulnerability that fails the merge.

The following image displays a failed PR due to new vulnerabilities that it would have added:

wordpress-sync/BBC-post-2

Detecting vulnerabilities is just the beginning. We empower developers with triaging analysis and automated fixes. Snyk calculates the required fix for both direct and transitive dependencies and automatically populates a fix pull request with the required upgrades or patches, all from within the Bitbucket workflow.

The following image displays a fix PR created by Snyk which fixes 35 vulnerabilities:

wordpress-sync/BBC-post-3

Snyk continues to monitor the repositories daily to test for newly disclosed vulnerabilities to ensure no new risk is introduced. Snyk’s vulnerability database is regularly updated with new vulnerabilities to ensure the best coverage for our users.

Securing Bitbucket Developer workflow end-to-end

With support for Bitbucket Cloud, Snyk now secures the entire developer workflow in Bitbucket by:

  • Integrating with Bitbucket Server and Bitbucket CloudGating vulnerabilities during the build process where the Snyk Pipe can be used to scan for vulnerabilities

  • Fixing application and Docker image vulnerabilities, preventing them from being pushed into the production environment

  • Monitoring after deployment on an ongoing basis.

The following image displays the Bitbucket Cloud pipeline build results when using the Snyk pipe:

wordpress-sync/BBC-post

Getting started

Add the new Bitbucket Cloud integration by visiting our Integrations page or read more about it in our Bitbucket Cloud integration documentation.

Atlassian Summit

Snyk will be participating in the upcoming Atlassian summit (April 9-11 in Las Vegas) and showcasing its full solution for Bitbucket. Stop by our booth located at booth 102 or book a meeting here.

Stay secure!

Posted in:Open Source Security
wordpress-sync/Finding-open-source-vulnerabilities-within-the-Bitbucket-workflow-tumb

State of Open Source Security Report

Snyk analyzed responses from over 500 organizations and anonymized data collected from Snyk product usage to shed light on the current security posture of OS software and trends.

See the report

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon