Documentation

Bitbucket Server

Snyk’s Bitbucket Server integration lets you monitor the source code of your Node.js and Rubygems repos for any known vulnerabilities found in the application’s dependencies, testing at a frequency you control.

This integration only works with Bitbucket Server instances that are publicly reachable (not on a private network) and not for bitbucket.org.

For each test, Snyk will communicate directly with Bitbucket Server to determine exactly what code is currently pushed and what dependencies are being used. Each dependency will in turn be tested against Snyk’s vulnerability database to see if it contains any known vulnerabilities.

If vulnerabilities are found, you will be alerted (via email or Slack) so that you can take immediate action.

In order to turn on the Bitbucket Server integration you’ll need to:

  1. Connect to Bitbucket Server from the integrations page
  2. Add your Bitbucket Server account credentials to Snyk
  3. Select the projects you want to monitor and click “Add to Snyk”

Connecting Snyk to Bitbucket Server

In order for Snyk to be able to monitor your Bitbucket Server repos, you’ll first need to connect Snyk to your Bitbucket Server account. You can do this by navigating to the Integrations page and clicking on “Connect to Bitbucket Server”.

Screenshot of the Integrations page for Snyk

This will take you to a page where you’ll be prompted to enter your Bitbucket Server URL, username and password.

Screenshot of the form for entering your Bitbucket Server credentials

Instructions for how to generate and locate your Bitbucket Server credentials are below.

Generating your Bitbucket Server Credentials

To give Snyk access to your Bitbucket Server account, we recommend setting up a dedicated user with read-only permissions.

You can create a user from the admin panel on your Bitbucket Server.

You can learn more about creating users on the Bitbucket Server documentation.

Adding Bitbucket Server repositories to Snyk

Once you’ve successfully connected Snyk to your Bitbucket Server account, you’ll be able to select the repositories that you would like Snyk to monitor. You can do this either using the “Add projects” button on the integrations page, or directly from the Bitbucket Server integration settings page.

In either case, you’ll see a list of any available projects on the Bitbucket Server account you connected. Select the ones you want to monitor and click the “add to Snyk” button.

Screenshot of the screen displaying the available Bitbucket Server repositories to monitor

As soon as you’ve added the projects to Snyk, Snyk will test them and begin to display a list of all monitored Bitbucket Server repositories in your project dashbard. You’ll also see a snapshot of any current vulnerabilities, and be able to click through for a more detailed report including any steps to remediate.

Screenshot of the screen displaying the available Bitbucket server repositories to monitor

Snyk will now continuously monitor each of those repositories for known vulnerabilities. You can add more repositories at any time.

Checking your connection status

At any time after you’ve entered your Bitbucket Server credentials, you can check on the connection status in one of two places.

The first is on your integration settings page, where you’ll see your current integrations listed as well as their connection status.

Screenshot of the integration settings page.

You can also check the status directly on the Bitbucket Server integration settings page (found by clicking “Edit settings” on the integration settings page shown above). If you’ve entered credentials, you’ll see a box indicating whether or not Snyk is able to correctly connect to Bitbucket Server.

Screenshot showing Snyk correctly connected to Bitbucket Server

If you are unable to connect, please re-enter your account credentials to verify that they are correct.

Screenshot showing Snyk unable to connect to Bitbucket Server

Disabling the Bitbucket Server Integration

If you decide to disable the Bitbucket Server integration for any reason, you can accomplish this from the “Integration Settings” page in your settings.

You’ll need to find the Bitbucket Server integration in your list of integrations, and click “Edit Settings”. You’ll be taken to a page that shows the current status of your Bitbucket Server connection, a place to update your credentials, and a red box at the bottom to disconnect from Bitbucket Server.

Screenshot showing the Disconnect screen for disabling the Bitbucket Server integration

If you choose to disconnect, your Bitbucket Server credentials will be removed from Snyk and any Bitbucket Server projects we had been monitoring will be deactivated on Snyk.

If you choose to re-enable the Bitbucket Server integration at any time, you’ll need to re-enter your credentials and activate your projects.