Set up Bitbucket
Integrating with Bitbucket enables oak9 to scan the IaC files in a repository, pinpoint any existing security design gaps and potentially fix those configurations via pull requests. This process is done:
- Continuously: oak9 triggers these scans once a day to ensure full monitoring of your repository
- Autonomously: this process is 100% automatic. After integration, you’ll never have to trigger a scan manually on your end (though you will always still have this option!). That’s right, no more button clicking!
- Securely: we prioritize client confidentiality and security. We only ask for the permissions absolutely necessary to run this workflow and we ensure that none of your code is kept in our system after execution
- Seamlessly: oak9 and Bitbucket work together as essentially a single application
1. Click on the Integrations icon in the navigation bar on the left
2. Navigate to the “Integrations” page and click on the “+ Add Integration” button under Bitbucket in the Repository Integrations section
3. Click Open Bitbucket
4. After being routed to a new page, click Grant Access
5. Select the relevant workspace and the repositories that require analysis
6. Once a repo is selected, there will be a drop-down of all the projects. Select a project that the repo should be paired with or select Create New Project. If a project is not selected, one will be created with the following name:
   {Bitbucket username}/{Repository name}
7. Once you've selected the appropriate repository and environment, if applicable, you will need to configure the code review settings. Here you may change the severity, branch, and how PRs are created
8. Once you're satisfied with the settings and repo selected, click save
9. Within a few seconds you should be able to see that your validation has completed, and you will be redirected to the Findings View screen, where you may review security gaps and take action
10. You’ll next receive an email from bitbucket (or a member of your admin team) with information relating to a newly created PR by the oak9io bot (should you not receive an email, it’s still probable that the PR was created). Some of the information included in this email will be:
    - The title of the PR
    - A high-level summary of the design gaps found
    - A link to the PR
    - A link to the validation results
    - The number of files changed
    - A commit message with a date stamp included
11. Log in to Bitbucket, click on the newly created PR and review it
Hoorah! You’ve integrated with Bitbucket and have validated your IaC code. Get working on getting those changes in if you have any!