Snyk and Atlassian, Sitting in a Tree
With Atlassian Summit just around the corner, it’s time for Snyk support for Bitbucket Server to come out of beta. Now you can tightly integrate Snyk with your Atlassian workflow from start to finish—from easily monitoring your projects, to integration with Bitbucket pipelines and even JIRA Software ticket creation.
Bitbucket Server support
The newly released Bitbucket Server support allows you to test and monitor Java, Node.js, Ruby and many other applications using the Snyk interface. You’ll be able to choose which repositories you want to protect, find any known security vulnerabilities in their dependencies, continuously monitor them for newly disclosed vulnerabilities and—soon—fix issues with a click.
If you’re using a public-facing instance of Bitbucket Server, you can connect to it from the integrations page by providing your server credentials. We recommend creating a dedicated user for Snyk with read-only permissions, limited to the repositories you want scanned, rather than reusing a personal account.
If you’re using a private instance of Bitbucket Server, you’ll need to use our Broker, which ensures that only the requests Snyk needs to function are allowed through to your instance.
Once you’ve entered your credentials, you’ll see a list of all projects on your Bitbucket Server instance so that you can choose which ones you would like Snyk to test and monitor. Snyk will run an initial test on each to see what dependencies are in use and if any have vulnerabilities.
Snyk will also continue to test those repositories at a frequency you specify to see whether any newly disclosed vulnerabilities affect them. Any time Snyk finds an issue, you’ll be notified and given information about how to remediate it, so that you can address it immediately.
Integrate with Bitbucket Pipelines
The Snyk CLI also lets you integrate with your Bitbucket Pipelines. Running snyk test will check your project for any vulnerabilities, and because it exits with a non-zero status when vulnerabilities are found, it will fail the pipeline step and stop a vulnerable build from going further. Running snyk monitor will take a snapshot of the current state of your application so Snyk can keep tabs on it and alert you when new vulnerabilities are disclosed against those dependencies. For Node.js projects you can even go so far as to use snyk protect to automatically apply any selected patches or updates.
Snyk vulnerabilities as JIRA Software tickets
Whether you run Snyk using the CLI or use the built-in Bitbucket Server integration (or both!), the reports Snyk provides will tell you how to address each issue as soon as possible. But sometimes issues need a little bit more time so that they can be vetted, scheduled and assigned to the appropriate people.
That’s why we’ve built a tool that connects the results of running our CLI in your Pipeline to your JIRA Software instance, creating tickets for any issues Snyk finds.
Each JIRA Software ticket gets filled in with the vulnerability severity and relevant information. If the script sees that an issue has already been created for a given vuln, it will comment on the initial issue instead of creating a duplicate issue.
With your vulnerabilities filed as Bugs in JIRA Software, you can then triage, assign them to the correct people, and address them accordingly.
We’re not done yet!
With Snyk’s Bitbucket Server integration, CLI and Snyk-to-JIRA tool, you can integrate Snyk seamlessly into your entire Atlassian workflow. Snyk can help you find vulnerabilities, prevent new ones from reaching your builds, monitor your project continuously and even automatically create JIRA Software tickets.
And we have more on the way! We’re working on deeper JIRA Software integration, Bitbucket.org integration, the ability to fix merge requests with a single click and more.
If you’re using Atlassian’s suite of tools, contact us today so we can enable the Bitbucket Server integration for your account.