Bitbucket Pipelines

By: Snyk

"Bitbucket Pipes enables users to customize and automate a Bitbucket Pipeline CI/CD workflow with a group of ready-to-use tasks that can be added inside of your pipelines by copying and pasting them from the Bitbucket interface.

With the Snyk pipe, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at different points of the CI/CD workflow, based on your configurations. Results are then displayed in the Bitbucket Pipelines output view and can also be monitored on the Snyk Web UI."

Features
  • Snyk scans app dependencies or container images for vulnerabilities and open source license issues
  • Snyk then lists the vulnerabilities and issues
Benefits
  • If Snyk finds vulnerabilities, it does one of the following (based on your configuration):
      • Fails the build
      • Lets the build complete
Prerequisites
  • Ensure you have build minutes in your account, which are necessary to enable ongoing CI/CD workflows
  • Create a Snyk account and retrieve the Snyk API token from your Account settings.
  • Create a Repository variable from Bitbucket for your Snyk API token. Call the variable SNYK_TOKEN.
How it Works
  • Add the Snyk pipe while creating your pipeline or while editing an existing pipeline.
  • When adding the Snyk pipe, follow the guidelines in the remaining steps.
  • Use the Bitbucket pipeline editor to update the .yml file configuration, and select the correct language.
  • Use the Bitbucket Pipes build directory when adding the Snyk pipe.
  • Paste the Snyk pipe into the Bitbucket editor interface after all build steps.
      • Build steps are commands such as these: npm install / composer install / bundle install / dotnet restore / docker build.
  • Ensure you paste the pipe before a deployment step, such as npm publish or docker push.
  • Configure the LANGUAGE, and choose whether the pipeline fails when vulnerabilities are found by setting DONT_BREAK_BUILD (together with SEVERITY_THRESHOLD, which sets the minimum severity that counts).
  • Choose whether to enable MONITOR.
  • Once Snyk is included in your pipeline commands, it looks for the manifest files in that repository and performs the scan.
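The placement described in the steps above, written out as a complete bitbucket-pipelines.yml. This is an added example, not configuration from the Snyk page; it assumes a Node.js project, that the pipe appears in the Bitbucket Pipes directory as snyk/snyk-scan, and a placeholder version tag.

```yaml
# bitbucket-pipelines.yml (added example, not from the Snyk page).
# Assumes a Node.js project. The pipe name snyk/snyk-scan and its version
# (<pipe-version> is a placeholder) must match the entry shown in the
# Bitbucket Pipes directory when you add the pipe.
image: node:18

pipelines:
  default:
    - step:
        name: Build and scan
        caches:
          - node
        script:
          # 1. Build steps first, so dependencies are resolved before the scan
          - npm install
          # 2. Snyk pipe after the build steps and before any deployment step
          - pipe: snyk/snyk-scan:<pipe-version>
            variables:
              SNYK_TOKEN: $SNYK_TOKEN        # repository variable created in Prerequisites
              LANGUAGE: "npm"
              SEVERITY_THRESHOLD: "high"     # only high (and above) issues count
              DONT_BREAK_BUILD: "false"      # "false": fail the build on issues
                                             # "true": report, but let the build complete
              MONITOR: "true"                # also record a snapshot in the Snyk Web UI
    - step:
        name: Deploy
        trigger: manual
        script:
          # 3. The deployment step only runs if the scan step above passed
          - npm publish
```

With DONT_BREAK_BUILD set to "false", a high-severity finding stops the pipeline before the deploy step is reached.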
Version:
N/A

Integration Categories:
Continuous Integration (Pipeline Mgmt)

Support:
support@snyk.io

Snyk Products:
Snyk Code