Snyk and Atlassian, Sitting in a Tree
Aner Mazur
24 de agosto de 2017
0 minutos de leituraWith Atlassian Summit just around the corner, it’s time for Snyk support for Bitbucket Server to come out of beta. Now you can tightly integrate Snyk with your Atlassian workflow from start to finish — from easily monitoring your projects, to integration with Bitbucket pipelines and even JIRA Software ticket creation.
Bitbucket Server support
The newly released Bitbucket Server support allows you to test and monitor Java, Node.js, Ruby and many other applications using the Snyk interface. You’l be able to choose which repositories you want to protect, find any security vulnerabilities in them, continuously monitor them for newly disclosed vulnerabilities and — soon — fix issues with a click.
If you’re using a public-facing instance of Bitbucket Server, you can connect to it from the integrations page by providing your server credentials (we recommend using a dedicated user with read-only permissions).
If you’re using a private instance of Bitbucket server, you’ll need to use our Broker which will ensure that only the requests which Snyk needs to function are allowed through.
Once you’ve entered your credentials, you’ll see a list of all projects on your Bitbucket Server instance so that you can choose which ones you would like Snyk to test and monitor. Snyk will run an initial test on each to see what dependencies are in use and if any have vulnerabilities.
Snyk will also continue to test those repositories at a frequency you specify to see if any newly disclosed vulnerabilities are discovered. Anytime Snyk finds an issue, you’ll be notified and given information about how to remediate, so that you can address them immediately.
Integrate with Bitbucket Pipelines
The Snyk CLI also lets you integrate with your Bitbucket pipelines. Running snyk test
will check your project for any vulnerabilities, and snyk monitor
will take a snapshot of the current state of your application so Snyk can keep tabs on it.
For Node.js projects you can even go so far as to use snyk protect
to automatically apply any selected patches or updates.
Snyk vulnerabilities as JIRA Software tickets
Whether you run Snyk using the CLI or use the built-in Bitbucket Server integration (or both!), the reports Snyk provides will tell you how to address each issue as soon as possible. But sometimes issues need a little bit more time so that they can be vetted, scheduled and assigned to the appropriate people.
That’s why we’ve built a tool that connects the results of running our CLI in your Pipeline to your JIRA Software instance, creating tickets for any issues Snyk finds.
Each JIRA Software ticket gets filled in with the vulnerability severity and relevant information. If the script sees that an issue has already been created for a given vuln, it will comment on the initial issue instead of creating a duplicate issue.
With your vulnerabilities filed as Bugs in JIRA Software, you can then triage, assign them to the correct people, and address them accordingly.
We’re not done yet!
With Snyk’s Bitbucket Server integration, CLI and Snyk-to-JIRA tool, you can integrate Snyk seamlessly into your entire Atlassian workflow. Snyk can help you find vulnerabilities, prevent new ones, monitor your project continously and even automatically create JIRA Software tickets.
And we have more on the way! We’re working on deeper JIRA Software integration, Bitbucket.org integration, the ability to fix merge requests with a single click and more.If you’re using Atlassian’s suite of tools, contact us today so we can enable the Bitbucket Server integration for your account.
And if you’re at Atlassian Summit September 12-14, come find Geva if you would like to see first-hand how Snyk works with your Atlassian tools.