Bitbucket

Prerequisites

Before integrating Bitbucket, it is recommended to create an Invicti ASPM service account as a preparation step and ensure that this user has access to the projects to be scanned.

Integration Steps

1. Sign in to Bitbucket Cloud.
2. Click the profile icon at top right cornet.
3. Click Account Settings.
4. Click Security Tab and Navigate to the API Tokens.

5. Click Create and manage API tokens under the API Tokens section.

6. Provide a descriptive name for the token to clearly identify its purpose and set an expiration date.
7. Select Bitbucket as the application.

8. After selecting the required scopes, create the token.
   • Read
     • read:issue:bitbucket
     • read:pullrequest:bitbucket
     • read:repository:bitbucket
     • read:user:bitbucket
     • read:workspace:bitbucket
   • Write
     • write:issue:bitbucket
     • write:pullrequest:bitbucket
9. Copy the generated token and store it securely. For security reasons, the token will not be visible again after leaving the page.

10. After this step, the process can be continued from the Invicti ASPM UI using the generated token

At this step, entering the token and clicking Test Connection is sufficient.

Onboarding Projects

Afterwards, projects can be synchronized from the Sync option located next to the Activate button, allowing projects to be onboarded quickly.

When the Daily Sync feature is enabled, the system synchronizes projects from Bitbucket on a daily basis and automatically onboards all projects that have not yet been onboarded. If the license project count is limited, enabling this feature is not recommended. The available project quota may be consumed rapidly, which can prevent new projects from being added to the system.