New workshop for securing a DevOps pipeline with Snyk, Bitbucket, and AWS
Development teams are frequently under the gun to deliver software quickly, which is difficult to do without modern tools to build, test, and deploy applications efficiently. That’s why Atlassian’s Bitbucket Cloud — a Git-based source code repository service in the cloud that streamlines software development for collaborative teams — was built for both speed and efficiency.
The challenge nearly all organizations face is ensuring development speed and security at the same time. To help developers build and deliver secure applications, the Snyk and Bitbucket integration allows developers to find, fix, and monitor vulnerabilities in their open source dependencies and container images.
In this post, we’ll discuss the native integration of Snyk directly in Bitbucket and briefly cover what you can find in our latest workshop for securing a DevOps pipeline using Snyk, Bitbucket, and AWS. Our new workshop outlines how to build and test code and infrastructure using multiple integrations, including Bitbucket Cloud and Amazon Elastic Container Registry (Amazon ECR).
The new Security tab inside Bitbucket, built together with Atlassian, is where developers can see the risks that exist in their dependency files, code base, and container images, so they can resolve them before the security team has to escalate.
Snyk maintains several integrations with AWS services across the application lifecycle, automating security controls across AWS CodeBuild, AWS CodePipeline, Amazon ECR, Amazon EKS, and several other cloud services.
Through these integrations, the security analysts on your team gain visibility into existing vulnerabilities and open source license issues, so they can better prioritize what needs to be resolved.
Snyk and Bitbucket together
Both Snyk and Atlassian share the same goal: helping developers deliver high-quality, secure software faster and easier than ever. With numerous collaboration capabilities, Bitbucket Cloud helps development teams build, test, and deploy software quickly, while Snyk ensures security is a seamless part of the development workflow.
Within the Bitbucket Security tab, developers can see security risks that exist within their code with a centralized view of application vulnerabilities, which allows development teams to prioritize security fixes during development, shifting security to earlier in the software delivery process.
Bitbucket Pipelines are a continuous integration and continuous delivery (CI/CD) capability for Bitbucket Cloud. The Snyk Pipe integration helps developers get real-time visibility into open source vulnerabilities within the CI/CD process.
These Snyk integrations empower organizations using Bitbucket to shift towards a DevSecOps approach to software delivery to improve the security posture of their applications.
Our latest partner workshop with Bitbucket & AWS
While it’s easy to get started with our Snyk and Bitbucket integrations, we want to make it as simple as possible to gain security insights into pull requests and pipelines. In our new Bitbucket workshop, we work through a pipeline to checkout, build, test, and deploy code to AWS using multiple Snyk integrations along the way.
Here’s what you can expect from the workshop’s three modules.
1. Scanning and monitoring source code at a developer workstation
In the first module, you’ll learn how to enable Snyk to automatically scan your code repository and provide immediate feedback to your development team. These scan results contain detailed information about the severity of each issue, which files contain vulnerabilities, and whether there is a fix available.
You’ll also learn how to easily create tickets for issues using Snyk’s integration with Atlassian Jira. Snyk can also generate automated pull requests within your Bitbucket repository to make remediation much easier for developers.
2. Scanning and monitoring container images
The second module will show you how to use Snyk to monitor your container images in Amazon ECR. Once you configure the bitbucket-pipelines.yaml file to include Snyk scans, Bitbucket Pipelines can scan your Docker containers during each build.
The scan results from Snyk will give you actionable remediation advice that involves upgrading certain base images to improve container security. By automating base image upgrades, Snyk helps you fix numerous vulnerabilities with the fewest changes possible.
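As an added example that is not taken from the workshop or from Snyk's own materials, here is what a pipeline file that gates an Amazon ECR push on a Snyk container scan can look like. It assumes `SNYK_TOKEN` and the `AWS_*` values are stored as secured repository variables, that an ECR repository named `my-app` already exists, and that the pipe versions and image name are placeholders you would replace with your own.

```yaml
# Added example (not the workshop's own file): build a Docker image, have the
# Snyk pipe test it against the Dockerfile, and push to Amazon ECR only when
# no vulnerability at or above the chosen severity threshold remains.
# Assumptions: SNYK_TOKEN and AWS_* are secured repository variables;
# pipe versions, "my-app" and the Dockerfile path are placeholders.
image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: Build, scan, and push container image
        services:
          - docker
        script:
          # Build the image locally so both pipes can inspect it.
          - docker build -t my-app .

          # Snyk container test. DONT_BREAK_BUILD defaults to false, so a
          # finding at SEVERITY_THRESHOLD or above fails this step and the
          # push below never runs. TARGET_FILE lets Snyk attribute issues to
          # the base image and propose a base image upgrade. MONITOR keeps
          # the image in the Snyk UI for post-deployment alerts.
          - pipe: snyk/snyk-scan:0.4.6
            variables:
              SNYK_TOKEN: $SNYK_TOKEN
              LANGUAGE: "docker"
              IMAGE_NAME: "my-app"
              TARGET_FILE: "Dockerfile"
              SEVERITY_THRESHOLD: "high"
              CODE_INSIGHTS_RESULTS: "true"
              MONITOR: "true"

          # Reached only if the scan passed: tag and push to ECR.
          - pipe: atlassian/aws-ecr-push-image:2.2.0
            variables:
              AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
              AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
              AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
              IMAGE_NAME: my-app
              TAGS: $BITBUCKET_COMMIT
```

Enabling `CODE_INSIGHTS_RESULTS` surfaces the findings as a Code Insights report on the pull request, which is where the base image upgrade advice described above becomes visible to the developer who opened it.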
3. Exploiting a container and Kubernetes cluster
Within the final module, you’ll see how a container exploit works on a Kubernetes cluster and use Snyk to remediate the issue. Through a demonstration of a vulnerability in a specific version of the Tomcat server, you’ll learn how an attacker might run shell commands to exploit your system.
When Snyk scans the demo application, however, the tool discovers the vulnerability in your Docker image. By following Snyk’s recommendation and patching the Dockerfile to use a newer version of Tomcat, you can quickly eliminate the vulnerability.
Take our free workshop
Learn to use Snyk to secure your DevOps pipeline in Bitbucket and AWS.
Bitbucket security with Snyk
Through Snyk’s integrations with Bitbucket and AWS, development teams gain real-time visibility into security issues in their code and containers, so they can identify fixes early in development and monitor for new risks post-deployment in applications running on AWS.
By completing this new workshop, you’ll have the confidence you need to take ownership of cloud security using Bitbucket, AWS and Snyk together to institute a security-first mindset throughout the software development lifecycle.
Are you more of a visual learner? Watch a recording of the webinar that accompanies this Bitbucket workshop.