Set up BitBucket

Overview

Integrating with Bitbucket enables oak9 to scan any IaC files within a repository, pinpoint existing security design gaps, and optionally fix those configurations via pull requests. This process runs:
  • Continuously: oak9 triggers these scans once a day to keep your repository fully monitored
  • Autonomously: the process is 100% automatic. After integration, you’ll never have to trigger a scan manually (though you will always still have that option!). That’s right, no more button clicking!
  • Securely: we prioritize client confidentiality and security. We ask only for the permissions absolutely necessary to run this workflow, and we ensure that none of your code is kept in our system after execution
  • Seamlessly: oak9 and Bitbucket work together as, essentially, a single application

Set up the Bitbucket Integration

  1. Click on the Integrations icon in the navigation bar on the left.
     Screenshot: oak9 Dashboard
  2. Navigate to the “Integrations” page and click on the “+ Add Integration” button under Bitbucket in the Repository Integrations section.
     Screenshot: Integrations Panel
  3. Click Open Bitbucket.
     Screenshot: Bitbucket Integration
  4. After being routed to a new page, click Grant Access.
     Screenshot: Grant Access within Bitbucket
  5. Select the relevant workspace and the repositories that require analysis.
     Screenshot: Select Repo
  6. Once a repo is selected, a drop-down of all the projects appears. Select the project that the repo should be paired with, or select Create New Project. If no project is selected, one will be created with the following name: {Bitbucket username}/{Repository name}
     Screenshot: Select or Create Project
  7. Once you've selected the appropriate repository (and environment, if applicable), configure the code review settings. Here you may change the severity, the branch, and how PRs are created.
     Screenshot: Code Review Settings Panel
  8. Once you're satisfied with the settings and the selected repo, click Save.
  9. Within a few seconds the validation should complete, and you will be redirected to the Findings View screen, where you may review security gaps and take action.
     Screenshot: Findings View and Validation
  10. You’ll next receive an email from Bitbucket (or a member of your admin team) with information about the PR newly created by the oak9io bot (if you do not receive an email, the PR has most likely still been created). The information included in this email will include:
     • The title of the PR
     • A high-level summary of the design gaps found
     • A link to the PR
     • A link to the validation results
     • The number of files changed
     • A commit message with a date stamp included
  11. Log in to Bitbucket, click on the newly created PR, and review it.
     Screenshot: Bitbucket PR
Hoorah! You’ve integrated with Bitbucket and validated your IaC code. If there are any changes, get to work on getting them merged!