Add Bitbucket to Prisma Cloud Application Security
Prisma Cloud Enterprise Edition
Integrating Bitbucket enables Prisma Cloud to scan your Infrastructure-as-code files (such as Terraform and CloudFormation), open source packages, licenses and CI/CD systems for misconfigurations, vulnerabilities, exposed secrets, license non-compliance and CI/CD system issues across IaC Security, Secrets Security, SCA and CI/CD Security modules.
This integration creates a webhook that periodically scans your repositories, creates a push event to scan pull requests and creates reports and inline comments, and enables you to open fix pull requests from Prisma Cloud.

- Verify prerequisites.
  - Set up access to specific Bitbucket repositories. As a best practice, enable access to all your Bitbucket repositories so that your relevant files can be scanned for adherence to security and compliance checks. However, if you want to restrict access to only a set of specified repositories in your Bitbucket Workspace, complete the following setup on Bitbucket to choose a Bitbucket user.
    - The user can be an existing user or a new user you created for this purpose. For example, PrismaCloudCodeSecurity@mycompany.com.
    - In Bitbucket > Repository Settings, give the user Write access to the relevant repositories. Granting write permissions to the relevant repositories allows Prisma Cloud to copy files to be scanned and to have access to repository settings in order to subscribe to the pull request (PR) webhooks to open fix PRs and comment on opened PRs.
    - Bitbucket sends a confirmation email to the user. Open the email and confirm the access authorization.
  - Log in to Bitbucket with the relevant user credentials before you add Bitbucket to Prisma Cloud. Prisma Cloud uses OAuth to authorize access, so you must log in to Bitbucket with the relevant user credentials to ensure that the authentication is successful.
  - Add the Prisma Cloud IP addresses and hostname for Application Security to an allow list, to enable access to the Prisma Cloud Console.
- Configure a Bitbucket account on Prisma Cloud.
  - Select Settings > Code & Build Providers > Add > Bitbucket.
  - Select Authorize to authorize your Bitbucket account to integrate with Prisma Cloud. You are redirected to the Bitbucket console.
  - Enter your Bitbucket account details and then select Continue.
  - Review the permissions and then select Grant access to confirm Prisma Cloud authorization on Bitbucket. You are redirected to the Additional Permissions (Optional) step of the wizard.
- Enable the CI/CD Security Module (optional) to provide protection of the CI/CD systems in your Bitbucket environment.
  - Provide your User Name. To retrieve your user name: In Bitbucket, select Settings (next to your profile) > Personal Bitbucket settings. Your user name is displayed under Bitbucket profile settings.
  - Generate an App Password in Bitbucket and make a copy for safekeeping. You must grant Read and Admin permissions to Prisma Cloud when creating the app password.
  - In the Prisma Cloud console, add the generated password in the App Password field of the wizard > Next.
- Define the repositories to be scanned.
  - Select an available option.
    - Permit all existing repositories: Enables Prisma Cloud to scan all existing repositories that are associated with the selected app password.
    - Permit all existing and future repositories: Enables Prisma Cloud to scan all existing repositories and any new repositories that are subsequently associated with the app password.
    - Choose from repository list: This option enables you to select specific repositories to be scanned.
  - Select Next.
- Select Done in the Status step of the wizard that displays the New integration successfully configured message.
- Verify that the Bitbucket integration with Prisma Cloud is successful.
  - Select Settings > Code & Build Providers.
  - Verify that the Bitbucket integration is displayed from the VCS User Token column. You may have to wait for up to three minutes before the status of the integration is updated and displayed. After successfully completing the integration, a new webhook is displayed in Bitbucket under Settings > Workflow > Webhooks. After a security scan, access Application Security > Projects to view the latest scan results for the integrated Bitbucket repositories and to Suppress or Fix the policy misconfigurations.
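
When access is restricted to a dedicated Bitbucket user as described in the prerequisites, the user's effective repository permissions can be checked against the list of repositories you meant to expose. The following is an added example, not part of the Prisma Cloud documentation. It assumes the Bitbucket Cloud REST endpoint `GET /2.0/user/permissions/repositories` called with an app password over basic authentication; the repository names and the `INTENDED` set are constructed.

```python
import base64
import json
import urllib.request

API = "https://api.bitbucket.org/2.0/user/permissions/repositories"
RANK = {"read": 1, "write": 2, "admin": 3}

def fetch_pages(username, app_password, url=API):
    """Yield each page of the integration user's repository permissions."""
    token = base64.b64encode(f"{username}:{app_password}".encode()).decode()
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        yield page
        url = page.get("next")  # absent on the last page

def audit(pages, intended):
    """Compare effective permissions with the repositories meant to be scanned."""
    seen = {}
    for page in pages:
        for entry in page.get("values", []):
            seen[entry["repository"]["full_name"]] = entry["permission"]
    findings = []
    for repo, perm in sorted(seen.items()):
        if repo not in intended:
            findings.append((repo, f"unexpected {perm} access"))
        elif RANK[perm] < RANK["write"]:
            findings.append((repo, f"{perm} access, write is required"))
    for repo in sorted(intended - set(seen)):
        findings.append((repo, "no access, write is required"))
    return findings

# Constructed sample pages in the shape of the API response (not real data).
SAMPLE_PAGES = [
    {"values": [
        {"repository": {"full_name": "acme/infra-terraform"}, "permission": "write"},
        {"repository": {"full_name": "acme/payments-api"}, "permission": "read"}],
     "next": "https://api.bitbucket.org/2.0/user/permissions/repositories?page=2"},
    {"values": [
        {"repository": {"full_name": "acme/hr-records"}, "permission": "read"}]},
]
INTENDED = {"acme/infra-terraform", "acme/payments-api", "acme/k8s-manifests"}

if __name__ == "__main__":
    for repo, issue in audit(SAMPLE_PAGES, INTENDED):
        print(f"{repo}: {issue}")
```

To run it against a live workspace, pass `fetch_pages(username, app_password)` to `audit` in place of `SAMPLE_PAGES`.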