Integrate Bitbucket with BoostSecurity¶

BoostSecurity lets you connect your Bitbucket organization to scan repositories, pull requests, and code commits for security issues.

Prerequisites¶

As a pre-requisite to installing the application:

The option Enable development mode must be selected in your Bitbucket's workspace's Installed Applications settings.
You must enable Two Factor Authentication, i.e., 2FA enabled. To enable 2FA, go to Bitbucket's two0step verification page, follow the steps provided, and click on Enable two-step verification to complete the process.

Permissions¶

This integration allows BoostSecurity to access your Bitbucket organization and repositories and apply security checks, including CI/CD supply chain security checks.

1. Connect Bitbucket to BoostSecurity¶

To install the BoostSecurity App on your Bitbucket workspace, follow these steps:

Navigate to the Integration view. I.e., in Settings > Integrations. Select the Bitbucket integration from the Available section.
Select Install, and you will be directed to authorize access to BoostSecurity for your workspace.
Select the appropriate Bitbucket workspace for which you want to authorize the BoostSecurity App.
Select Grant access.

Once the installation is completed, the BoostSecurity Bitbucket card is added to the Settings > Integrations > Installed section. At this point, the BoostSecurity App is installed in your Bitbucket workspace.

2. Enable Default Scanner Protection¶

After successfully integrating your Bitbucket organization, enabling the BoostSecurity scanner is recommended.

To do this,

Navigate to the Scanner Coverage page and select the Default Scanner Protection column for your Bitbucket integration.
Toggle SBOM, SCA, or Secrets to enable the BoostSecurity Scanner default protection on your Bitbucket resource.