Begin Scanning a Bitbucket Cloud App

Authorize Data Security to connect to Bitbucket Cloud to scan all content shared within the app.
To connect a Bitbucket Cloud app and begin scanning assets, you need to:
  • Ensure that you have a Bitbucket Cloud Site administrator account.
  • Grant Data Security access to Bitbucket Cloud.
  • Add the Bitbucket Cloud app to Data Security, providing Data Security information about your Bitbucket Cloud workspace and account.
If you onboarded your Bitbucket app before May 20, 2022, there is a newly published app available on the Bitbucket Marketplace. To replace your existing app, you must delete it from the dashboard, uninstall it (Workspace > Settings > Installed apps > Remove), and reonboard the app. If you don’t, some new features, including remediation and user activity monitoring capabilities, won't be available. Because your existing app does not support remediation, you likely did not create any policy rules that would be purged when you delete the app. After you reonboard, you can create policy rules for improved data loss prevention.
Support for automated remediation capabilities varies by SaaS application.

Bitbucket Onboarding Time

Data Security scans for two Bitbucket Cloud asset types:
  • Commits—Repository commits across all branches.
  • Repository—Repository assets are scanned when the first commit occurs or when exposure settings are changed. The Owner name mentioned in the Assets page is the last person who edited the repository settings.
When you perform Change Sharing, the repository asset is updated with Exposure as “Internal”, and the Workspace name is displayed as the Owner.
The specific assets that Data Security scans and displays in the SaaS Security web interface are based on your onboarding time, which begins when you initiate scanning:
  • Post-onboarding—Commits and Repository updates after onboarding are scanned.
  • Pre-onboarding—Commits and Repository updates before onboarding are not scanned. Only newly added content to pre-onboarding commits is scanned.

Add Bitbucket Cloud App

In order for Data Security to scan assets, you must consent to specific permissions when adding the Bitbucket app.
  1. (Recommended) Add your Bitbucket Cloud domain as an internal domain.
  2. To add the Bitbucket Cloud app, go to Data Security > Applications > Add Application > Bitbucket.
    1. Select Connect to Bitbucket Account.
    2. Sign in with an account that has Site administrator permissions.
    3. In Authorize for workspace, select your team’s Bitbucket workspace, then Grant access.
    4. Review and Allow the requested permissions. Data Security requires these permissions to scan your assets on Bitbucket Cloud.
       After authentication, Data Security adds the new Bitbucket Cloud app to the list of Cloud Apps as Bitbucket n, where n is the number of Bitbucket Cloud app instances that you have connected to Data Security. You’ll specify a descriptive name soon.

Customize Bitbucket Cloud App

After you add the Bitbucket Cloud app, customize the app to make use of capabilities that are unique to this app or that differentiate this app instance from others.
  1. (Optional) Give a descriptive name to this app instance.
    1. Select the Bitbucket n link on the Cloud Apps list.
    2. Enter a descriptive Name to differentiate this instance of Bitbucket Cloud from other instances.
    3. Click Done to save your changes.
  2. Next step: Proceed to Identify Risks.

Identify Risks

When you add a new cloud app, then enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new Bitbucket Cloud app for incidents.
    1. Select Settings > Cloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Bitbucket Cloud app, select Actions > Start Scanning.
  2. During the discovery phase, as Data Security scans files and matches them against enabled policy rules:
    • Verify that Data Security displays assets.
    • Verify that your default policy rules are effective. If the results don’t capture all the risks or you see false positives, proceed to the next step to improve your results.
  3. (Optional) Modify match criteria for existing policy rules.
  4. (Optional) Add new policy rules.
    Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
  5. (Optional) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  6. Next step: Proceed to Fix Bitbucket Cloud App Onboarding and Scan Issues, if necessary.

Fix Bitbucket Cloud App Onboarding and Scan Issues

The most common issues related to onboarding a Bitbucket Cloud app are as follows:

Symptom: Not all commits display in the SaaS Security web interface.
Explanation: The assets that display are based on your Bitbucket Onboarding Time.
Solution: This is expected behavior. However, check periodically, because new support is added regularly.

Symptom:
  • Primary Email of user does not display in the SaaS Security web interface.
  • Not receiving user Slack notifications.
Explanation: Due to Atlassian GDPR policy, Bitbucket does not enforce an email ID for a commit owner. Therefore, the SaaS Security web interface displays the atlassian_account_id by default instead of the user's email address. As a consequence, users don’t receive Slack notifications.
Solution: To receive user notifications, the administrator of the repository must enforce the email address being configured by each commit owner and verify the legitimacy of the configured email address. In short, ensure that each commit owner’s profile is set to the user’s email address.

FAQs for Bitbucket Cloud App

The most common questions related to onboarding a Bitbucket Cloud app are as follows:

Question: What if there are multiple files in a commit?
Answer: Each commit is treated as a separate asset.

Question: Are merge commits scanned?
Answer: To avoid duplicates, merge commits are not scanned.

Question: What if a commit is associated with multiple branches?
Answer: Data Security does not scan the same commit twice. If a commit is part of multiple branches, only the first commit is scanned.

Question: How are assets named for commits?
Answer: The asset name is a combination of the short Commit ID and filename.

Question: What does the Repository on the Asset Details (Basic Info) page hyperlink to?
Answer: Directs you to the parent repository asset, not the repository on Bitbucket Cloud.
