Finding open source vulnerabilities within the Bitbucket workflow
Snyk is happy to implement code insights, a new functionality by Bitbucket, to allow Bitbucket Server users to view detailed results of Snyk’s vulnerability scan, all within Bitbucket itself.
Watch a short demo showing the new integration:
Integration of Snyk with Bitbucket Server allows developers to protect their code from any open source vulnerabilities as part of their daily workflow. Snyk scans all opened pull requests to ensure they aren’t introducing new open source vulnerabilities, and can block such pull requests from being merged. Snyk also scans repositories daily to test for newly disclosed vulnerabilities.
If a new vulnerability was found, not only will Snyk alert about the newly found vulnerability, but it will also open a Fix pull request, including suggested upgrades or Snyk’s precision patches to fix the vulnerability.
With the implementation of code insights, developers can analyze the scan results from within their regular workflow in Bitbucket, without having to move away to Snyk for a deeper analysis. In Bitbucket’s pull request interface the changes are scanned by Snyk for new vulnerabilities and you can view in-line detailed annotations next to each change that introduces a new issue. These annotations make it easier to understand the results of Snyk’s scan and support informed decisions, as demonstrated in the following images.
The following image displays detailed scan results of a new pull request, including details of the vulnerabilities found:
The following image displays in-line annotation of the vulnerabilities:
With code insights in place, Snyk is now fully equipped to integrate with your Atlassian workcycle. Starting with securing the code management process, Snyk tests, fixes and monitors your projects in Bitbucket server (see more information here about How to install Snyk with Bitbucket Server). You can also secure the Build and Deploy processes with the Snyk integration to the Bitbucket pipeline.