
Bitbucket
Automatically perform SAST and secret scanning for your Bitbucket commits.
Overview
Bitbucket integration with DefendOps provides a seamless way to automatically perform static application security testing (SAST) and secret scanning on every commit to your Bitbucket repositories. By using Bitbucket’s webhook capabilities, DefendOps ensures that vulnerabilities and sensitive information are caught before reaching production.
Real-Time SAST Scans: Whenever a new commit is pushed to a Bitbucket repository, DefendOps automatically triggers a SAST scan. This helps identify code vulnerabilities such as insecure coding practices, outdated dependencies, and potential security weaknesses early in the development lifecycle.
Secret Scanning: DefendOps scans your codebase for secrets, such as passwords, API keys, and other sensitive information, that may be committed accidentally. Identifying these secrets as part of the CI/CD pipeline ensures that they are flagged before they can be exposed.
Automated Pull Requests for Fixes: If any vulnerabilities or secrets are found, DefendOps can automatically create pull requests to suggest fixes, similar to Dependabot, providing immediate remediation without the need for manual intervention.
Pipeline Integration: Connect DefendOps to your Bitbucket repositories and trigger scans as part of your pipeline. Keep your codebase secure without interrupting your development flow, ensuring a continuous security posture for all code changes.
Additional Information
To integrate Bitbucket with DefendOps, configure webhooks within your Bitbucket repository and set up the module provided on your instance, providing your API Key. DefendOps will receive callbacks on each commit and automatically trigger the scans for vulnerabilities and secrets. Ensure API access is granted for seamless integration. For more information on setting up webhooks in Bitbucket, refer to Bitbucket’s webhook documentation at https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/.
