Snyk’s new native integration with Bitbucket Cloud emphasizes dev-first security
Sarah Conway
25 de outubro de 2022
0 minutos de leituraSnyk is excited to announce a new, native integration with Atlassian Bitbucket Cloud. This new release improves Snyk’s functionality within Bitbucket Cloud, making installation faster, and easier to implement.
Our Bitbucket integration is the first out-of-the-box embedded security experience within the Atlassian UI, enabling users to access high vulnerability counts and rich contextual information right from their native Bitbucket workflow. With this integration update, we are bringing the best of Snyk’s open source dependency and container image vulnerability scanning to Bitbucket Cloud users. The goal: to empower all Bitbucket Cloud users to manage and mitigate their open source risk, within their existing workflows.
How does the integration work?
With this new Snyk App, users can find, prioritize, and fix security vulnerabilities in open source dependencies and container images throughout the development workflow — all without leaving Bitbucket Cloud.
Instead of needing to launch a separate platform, users can simply click on a tab within the Bitbucket solution to access our security features. Users can gain actionable insights, such as vulnerability counts and rich contextual fix information, within a UI that they’re already using.
Snyk is also available in Bitbucket Pipelines as a Pipe. This enables developers to receive fast feedback as they build more secure applications without compromising the speed and efficiency of their pipeline operations.
Snyk is the most streamlined security solution to ever be offered on Atlassian’s platform. And it’s one of a kind — other DevOps solutions such as Gitlab or Github don’t offer this level of security integration with such rich insights into vulnerabilities. Because Snyk can now be installed into a Bitbucket workspace directly, it accesses all repositories instead of being tied to individual users.
The results of our native integration with Bitbucket: easier and faster installation, stronger end-to-end security for CI/CD pipelines, easier adherence to open source compliance requirements, and of course, far less risk for end users.
Who can use the Bitbucket-Snyk integration?
This native integration brings security best practices to a few different roles: developers, security analysts, and managers alike. Because it fits effortlessly into Bitbucket’s interface, Snyk’s integration enables shared responsibility for security, facilitating a DevSecOps approach.
In addition, developer team managers can use Snyk to get a bird’s eye view of risk within their developers’ codebases. This enables dev management to proactively resolve issues before they are escalated to security teams.
Security analysts benefit from the Snyk-Bitbucket integration as well. They can gain greater visibility into existing vulnerabilities and license issues to better understand their cloud application risk and identify how to better prioritize fixes. The integration also enables developers to remediate their own code vulnerabilities early on in the process, removing much of the responsibility from security teams who are often short-staffed and hard-pressed for time.
Why we partner with Bitbucket Cloud and Atlassian
Bitbucket Cloud plays a central role in millions of CI/CD pipelines, across the globe. It’s a Git source code management tool that enables team collaboration, in-depth code review, and comes with a built-in CI/CD tool, Bitbucket Pipelines. Bitbucket is part of Atlassian’s Open DevOps solution, alongside other developer favorites such as Jira and Confluence.
Snyk has been working with Atlassian for almost five years.
Four years ago, our security intelligence products were first integrated with Bitbucket Server, followed by integration into Bitbucket Cloud and Bitbucket Pipes, enabling secure CI/CD workflows. Since the integration with Bitbucket Cloud was announced in the spring of 2021, Bitbucket developers have imported more than 62,000 projects and more than 24,000 repositories.
Because of Atlassian’s strategy to partner with market leaders with great, dev-friendly tools, Snyk was an ideal match for their newest security initiatives. Recently, Atlassian announced Snyk as the key security partner for the new Jira toolchain solution, a new way to easily discover, connect to, and visualize your software development tools in Jira.
Join us to see the new Snyk App in action on Nov. 1 at 11 am ET. From installation to everyday use, our Snyk in 30 live democast will show you how easy and fast it is to find, prioritize, and fix security vulnerabilities and license issues in your open source dependencies within Bitbucket Cloud.
How to get started
If you’re a Bitbucket user, try out Snyk security by signing up for a free 30-day Business trial, right within Bitbucket Cloud. You can also find Snyk on the Atlassian Marketplace to connect an existing repository or navigate to the Security tab to install the Snyk application.
We’re also excited to announce that we’re offering a 25 percent discount to Bitbucket Cloud users looking to modernize or establish their SAST / SCA toolstack. Book a demo to see Snyk in action and learn about the discount that allows you to save on Snyk Open Source and Snyk Code products.
If you’re already using the Snyk and Bitbucket legacy integration, you’ll need to migrate to the new Snyk App for Bitbucket. The you
Additional Resources:
Snyk Documentation: Bitbucket Cloud App Integration
Snyk Documentation: Migrate a Bitbucket Cloud Legacy Integration