Add Bitbucket Server to Prisma Cloud Application Security
Prisma Cloud Enterprise Edition
Integrating Bitbucket Server with Prisma Cloud enhances your security posture by enabling Prisma Cloud Application Security to comprehensively analyze your infrastructure-as-code and open source packages. This integration empowers you to uncover potential vulnerabilities, identify exposed secrets within your repositories, and facilitate effective mitigation strategies. A key feature of this synergy is the establishment of a webhook mechanism that performs periodic scans on your repositories, generating push events for pull request analysis. It further generates detailed reports and inline comments, streamlining the process of addressing identified issues. The integration also enables you to initiate fix pull requests directly from the Prisma Cloud console, ensuring seamless remediation.

As a prerequisite for ensuring seamless communication between your Bitbucket Server environment and Prisma Cloud Application Security, it is essential to add Prisma Cloud IP addresses and the hostname associated with Application Security to an allow list. This ensures uninterrupted access to the Prisma Cloud Console. To learn more, see Enable Access to the Prisma Cloud Console. Additionally, the provided hostname or IP address must be resolvable on public DNS servers.
The integration with Bitbucket Server extends support to Bitbucket Data Center and Server versions 6.7 and above.
- Access Bitbucket Server on Prisma Cloud Application Security.
  - Select Settings > Code & Build Providers > Add.
  - Select Bitbucket Server.
- Integration Configuration.
  - Add Base URL to establish the connection between Bitbucket Server and Prisma Cloud and then select Next.
    The Base URL must include the "HTTPS://" prefix.
- Create a Personal Access Token on Bitbucket Server.
  - Access Bitbucket Server web interface and select Profile > Manage account > Personal access tokens.
  - Select Create Token.
  - Add Token name.
- Configure appropriate permissions.
  - Add Permissions.
    By default, the access token's permissions align with your current access level. It is crucial to establish two tiers of permissions: Project Permissions and Repository Permissions. Repository Permissions inherit Project Permissions, so the Repository Permissions must match or exceed the Project Permissions. For example, if you possess Project write permission, a corresponding Repository write permission should be granted. Token permissions are modifiable and revocable as needed. To know more on Project and Repository permissions, see here.
    Required Permissions:
    - For Projects - Read
    - For Repositories - Admin
    Granting read and write permissions to relevant repositories empowers Prisma Cloud to copy files for scanning purposes and access repository settings. This facilitates subscription to pull request (PR) webhooks, enabling the initiation of fix PRs and comments on open PRs.
  - Add Expiry.
    For additional security, set the token to automatically expire. The expiry date of a token cannot be changed after it is created. You can see the expiry dates for all your tokens on Profile picture > Manage account > Personal access tokens.
  - Select Create.
  - Access Prisma Cloud console to add the new Bitbucket Access Token and then select Register.
- Select repositories to scan and select Next.
  You can choose the repositories Prisma Cloud should scan.
  - Permit all existing repositories: This permits all current repositories in your project for a scan.
  - Permit all existing and future repositories: This permits all current repositories and future repositories within the same project for a scan.
  - Choose from the repository list: This permits you to select specific repositories from the project for a scan.
- Verify Bitbucket Server integration with Prisma Cloud.
  - Access the Prisma Cloud console and then select Done.
    In your Bitbucket Server, a new webhook for Prisma Cloud will be created.
    You can view the integrated Bitbucket Server repositories in Prisma Cloud on Settings > Repositories.
    The scan results include the new integrated repositories on your next Bitbucket Server scan. Access Application Security to view the scanned results. See Suppress or Fix for remediation of the issues.
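
A pre-flight check for the values entered in the steps above, added here as an example (it is not Prisma Cloud or Atlassian code). The function names and the `READ`/`WRITE`/`ADMIN` level names are assumptions of this sketch, and the warning about a project permission broader than Read is an added least-privilege check rather than a rule stated on this page.

```python
import ipaddress
from datetime import date
from urllib.parse import urlsplit

# Permission levels, lowest to highest (level names are assumed for this sketch).
LEVELS = {"READ": 1, "WRITE": 2, "ADMIN": 3}
# Minimums from the "Required Permissions" list above.
REQUIRED = {"project": "READ", "repository": "ADMIN"}


def check_base_url(base_url):
    """Return problems with the Base URL to be entered in Prisma Cloud."""
    problems = []
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":  # urlsplit lowercases the scheme
        problems.append("Base URL must start with https://")
    host = parts.hostname
    if not host:
        return problems + ["Base URL has no hostname"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return problems  # DNS name: confirm separately that public DNS resolves it
    if not ip.is_global:
        problems.append(f"{host} is not a publicly routable address")
    return problems


def check_token(project_perm, repo_perm, expiry, today):
    """Return problems with a planned access token (expiry: date or None)."""
    problems = []
    for scope, perm in (("project", project_perm), ("repository", repo_perm)):
        if perm not in LEVELS:
            return [f"unknown {scope} permission: {perm}"]
        if LEVELS[perm] < LEVELS[REQUIRED[scope]]:
            problems.append(f"{scope} permission {perm} is below required {REQUIRED[scope]}")
    if LEVELS[repo_perm] < LEVELS[project_perm]:
        problems.append("repository permission must match or exceed project permission")
    if LEVELS[project_perm] > LEVELS[REQUIRED["project"]]:
        problems.append("project permission is broader than the required READ")
    if expiry is None:
        problems.append("token has no expiry date")
    elif expiry <= today:
        problems.append("token expiry date is not in the future")
    return problems


if __name__ == "__main__":  # constructed sample values, not taken from the page
    print(check_base_url("http://10.0.0.5:7990"))
    print(check_token("WRITE", "READ", None, date(2024, 1, 1)))
```

An empty list from both functions means the planned Base URL and token settings are consistent with the requirements listed in the steps.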