Snyk Documentation

Bitbucket pipes integration overview

Snyk integrates with Bitbucket Pipelines through a Snyk pipe that scans your application dependencies and Docker images for open source security vulnerabilities as part of the continuous integration/continuous delivery (CI/CD) workflow.

Bitbucket Pipes lets you customize and automate a Bitbucket Pipelines CI/CD workflow with ready-to-use tasks that you add to your pipelines by copying and pasting them from the Bitbucket interface.

With the Snyk pipe, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at different points of the CI/CD workflow, depending on your configuration. Results are displayed in the Bitbucket Pipelines output view and can also be monitored from Snyk.io.

Snyk language support

Snyk integration with Bitbucket pipes is supported for the following languages:

  • JavaScript (npm)
  • .NET (NuGet)
  • PHP Composer
  • Ruby
  • Docker

How it works

Once you have added the pipe to the pipeline, each time the pipeline runs (on any trigger type) the Snyk pipe does the following.

Scan

  1. Scans app dependencies or Docker images for vulnerabilities or licensing issues, and lists them.
  2. If Snyk finds vulnerabilities, it does one of the following (based on configuration):
    • Fails the pipeline
    • Lets the pipeline complete the build

Monitor

Optionally, if the pipeline continues (the build completes successfully) and MONITOR is set to True in the pipe, Snyk saves a snapshot of the project dependencies on Snyk.io, where you can see the dependency tree with all of its issues and be alerted to new issues found in the existing app version.

Protect (Optional)

(For Node.js projects only) Optionally, set PROTECT to True; if a .snyk policy file exists, Snyk applies the patches specified in that policy file.
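The scan, monitor and protect steps above, as an added bitbucket-pipelines.yml example that is not taken from this page or from Snyk's own documentation. The pipe identifier snyk/snyk-scan, its variable names (SNYK_TOKEN, LANGUAGE, IMAGE_NAME, SEVERITY_THRESHOLD, DONT_BREAK_BUILD) and the image name are assumptions; the pipe version is a placeholder to fill in from the pipe's entry in the Bitbucket pipe list.

```yaml
# bitbucket-pipelines.yml (constructed example)
image: node:18

pipelines:
  default:
    - step:
        name: Build
        caches:
          - node
        script:
          - npm ci
    - step:
        name: Snyk scan, monitor and protect (JavaScript/npm)
        script:
          # Pipe name and version are assumptions; <PIPE_VERSION> is a placeholder
          - pipe: snyk/snyk-scan:<PIPE_VERSION>
            variables:
              SNYK_TOKEN: $SNYK_TOKEN      # Snyk API token kept as a secured repository variable
              LANGUAGE: "npm"             # one of the supported languages listed above
              SEVERITY_THRESHOLD: "high"  # fail the pipeline on high and critical issues
              DONT_BREAK_BUILD: "false"   # "true" would let the pipeline complete despite findings
              MONITOR: "true"             # on a successful build, snapshot dependencies to Snyk.io
              PROTECT: "true"             # Node.js only: apply patches listed in the .snyk file
    - step:
        name: Build and scan Docker image
        services:
          - docker
        script:
          - docker build -t myapp:$BITBUCKET_COMMIT .   # image name is constructed for this example
          - pipe: snyk/snyk-scan:<PIPE_VERSION>
            variables:
              SNYK_TOKEN: $SNYK_TOKEN
              LANGUAGE: "docker"          # scan the built image instead of a manifest
              IMAGE_NAME: myapp:$BITBUCKET_COMMIT
              MONITOR: "true"             # keep the image snapshot on Snyk.io for new-issue alerts
```

The scan step runs after the dependencies are installed so that the pipe tests the resolved dependency tree rather than the lockfile alone.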

Snyk pipe information in Bitbucket

From the build directory, Bitbucket Pipelines displays a list of the pipes available to you, similar to the following image:

From this list, find and click Snyk to view the pipe, examples, parameters, and values:
