Bitbucket Server integration
Note
On-premise SCM integrations are only supported for Pro plans or above. To upgrade your plan, please contact support@snyk.io.
Setting up a Bitbucket Server Integration
- To give Snyk access to your Bitbucket Server account, set up a dedicated service account in Bitbucket Server, with admin permissions. Visit Bitbucket Server documentation to learn more about creating users.
Important
Make sure the newly created user has Admin permissions to all the repositories you need to monitor with Snyk.
- In Snyk, go to the Integrations page and click the Bitbucket Server card:
- Enter your Bitbucket Server URL, and the username and password for the service account you created:
- Click Save.
Snyk connects to your Bitbucket Server instance. When the connection succeeds, the following indications appear:
You can now select the repositories for Snyk to monitor.
- Click Add your Bitbucket Server repositories to Snyk to start importing repositories to Snyk.
- Select the repositories to import to Snyk when prompted, then click Add selected repositories.
- Snyk scans the selected repositories for dependency files (such as package.json and pom.xml) in the entire directory tree, and imports them to Snyk as projects:
- The imported projects appear in your Projects page and are continuously checked for vulnerabilities.
Bitbucket Server Integration Features
After the integration is done, you can use the following capabilities:
Project level security reports
Snyk produces advanced security reports, allowing you to explore the vulnerabilities found in your repositories, and fix them immediately by opening a fix pull request directly to your repository, with the required upgrades or patches.
This is an example of a project level security report:

Projects monitoring and automatic fix pull requests
Snyk frequently scans your projects on either a daily or a weekly basis. When new vulnerabilities are found, it notifies you by email and by opening automated pull requests with fixes to repositories.
Here is an example of a fix pull request opened by Snyk:

Pull request tests
Snyk tests any newly created pull request in your repositories for security vulnerabilities, and sends a build check to Bitbucket Server. You can see whether the pull request introduces new security issues, directly from Bitbucket Server.
This is how the Snyk pull request build check appears in the Pull Request page in Bitbucket Server:
To review and adjust the pull request tests settings, navigate to the Settings --> Integration --> Bitbucket Server page in Snyk:
Required permissions scope for the Bitbucket Server integration
Snyk performs all the operations in Bitbucket Server on behalf of the integrated service account.
For Snyk to perform the required operations on monitored repositories (such as reading manifest files on a frequent basis and opening fix or upgrade PRs), the integrated Bitbucket Server service account needs Admin permissions on the imported repositories:
| Action | Why? | Required permissions on the repository |
| --- | --- | --- |
| Daily / weekly tests | To read manifest files in private repositories. | Write or above |
| Snyk tests on pull requests | To send pull request status checks when a new PR is created, or an existing PR is updated. | |
| Opening fix and upgrade pull requests | To create fix PRs in monitored repositories. | |
| Snyk tests on pull requests - initial configuration | To add Snyk's webhooks to the imported repos, so Snyk is informed when pull requests are created or updated, and can trigger scans. | Admin |
Disabling the Bitbucket Server integration
To disable this integration:
- Navigate to the Settings --> Integrations page in Snyk.
- Find the specific integration to deactivate in your list of integrations, and click Edit settings.
- A page appears showing the current status of your integration and a place to update your credentials, specific to each integration (credentials, API key, Service Principal, or connection details):
- Click Disconnect.
Warning
Your credentials are removed from Snyk and any integration-specific projects Snyk is monitoring are deactivated on Snyk.
If you then choose to re-enable this integration at any time, you will need to re-enter your credentials and activate your projects.