New Features
  1. Docs Library | Snyk
  2. Integrations
  3. Git repository (SCM) integrations

Articles in this section

Bitbucket Server integration

Bitbucket Server integration

Snyk's Bitbucket Server integration allows you to continuously perform security scanning across all the integrated repositories, detect vulnerabilities in your open source components, and use automated remediation.

Note

On premise SCM integrations are only supported for Pro plans or above. To upgrade your plan, please contact support@snyk.io.
 

Setting up a Bitbucket Server Integration

  1. To give Snyk access to your Bitbucket Server account, set up up a dedicated service account in Bitbucket Server, with admin permissions. Visit Bitbucket Server documentation to learn more about creating users.

    Important

    Make sure the newly created user has Admin permissions to all the repositories you need to monitor with Snyk.

  2. In Snyk, go to the Integrations page and click on Bitbucket Server card:111.png

  3. Enter your Bitbucket Server URL, and the username and password for the service account you created:
    222.png
  4. Click Save.
    Snyk connects to your Bitbucket Server instance. When the connection succeeds, the following indications appear:
    333.png
    You can now select the repositories for Snyk to monitor.
  5. Click Add your Bitbucket Server repositories to Snyk to start importing repositories to Snyk.
  6. Select the repositories to import to Snyk when prompted, then click Add selected repositories.
  7. Snyk scans the selected repositories for dependency files (such as package.json and pom.xml) in the entire directory tree, and import them to Snyk as projects:
    444.png
  8. The imported projects appear in your Projects page and are continuously checked for vulnerabilities.

 

Bitbucket Server Integration Features

After the integration is done, you can use the following capabilities:

Project level security reports

Snyk produces advanced security reports, allowing you to explore the vulnerabilities found in your repositories, and fix them immediately by opening a fix pull request directly to your repository, with the required upgrades or patches.

This is an example of a project level security report:

555.png

Projects monitoring and automatic fix pull requests

Snyk frequently scans your projects on either a daily or a weekly basis. When new vulnerabilities are found, it notifies you by email and by opening an automated pull requests with fixes to repositories.

Here is an example of a fix pull request opened by Snyk:666.png

To review and adjust the automatic fix pull request settings, navigate to the Settings --> Integration --> Bitbucket Server page in Snyk: 
777.png

 

Pull request tests

Snyk tests any newly created pull request in your repositories for security vulnerabilities, and sends a build check to Bitbucket Server. You can to see whether the pull request introduces new security issues, directly from Bitbucket Server.

This is how Snyk pull request build check appears in the Pull Request page in Bitbucket Server:888.png

To review and adjust the pull request tests settings, navigate to the Settings --> Integration --> Bitbucket Server page in Snyk:

999.png

 

Required permissions scope for the Bitbucket Server integration

Snyk performs all the operations in Bitbucket Server on behalf of the integrated service account.

For Snyk to perform the required operations on monitored repositories (such as reading manifest files on a frequent basis and opening fix or upgrade PRs), the integrated Bitbucket Server service account needs Admin permissions on the imported repositories:

Action

Why?

Required permissions on the repository

Daily / weekly tests 

To read manifest files in private repositories.

Write or above 

Snyk tests on pull requests

To send pull request status checks when a new PR is created, or an existing PR is updated.

Opening fix and upgrade pull requests

To create fix PRs in monitored repositories.

Snyk tests on pull requests - initial configuration

To add Snyk's webhooks to the imported repos, so Snyk is informed when pull requests are created or updated, and can trigger scans.

Admin

Disabling the Bitbucket Server integration

To disable this integration:

  1. Navigate to the Settings --> Integrations page in Snyk.
  2. Find the specific integration to deactivate in your list of integrations, and click Edit settings
  3. A page appears showing the current status of your integration and a place to update your credentials, specific to each integration (credentials, API key, Service Principal, or connection details):101010.png
  4. Click Disconnect.

Warning

Your credentials are removed from Snyk and any integration-specific projects Snyk is monitoring are deactivated on Snyk.
If you then choose to re-enable this integration at any time, you will need to re-enter your credentials and activate your projects.