Use the Prisma Cloud App for Bitbucket Server

Install the Prisma Cloud app for Bitbucket Server.
You must have administrator privileges to install apps on Bitbucket server.
Launch a browser and go to the following URL:
http://localhost:7990
.
If you used a different port number then replace
7990
with that number.
Enter your login credentials and authenticate.
Select
Admin
Manage apps
Find new apps.

Enter
prisma cloud
.
Install
and restart your Bitbucket server.
Specify the settings for the Bitbucket app.
You configure the Bitbucket app settings to connect it to your instance of Prisma Cloud.
Select
Users
Projects
Repositories
, and then select the repository you want to scan.
Select the gear icon and then
Prisma Cloud Settings
.
Prisma Cloud API URL
—The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. If the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io, replace
app
in the URL with
api
. Refer to the Prisma Cloud REST API Reference for more details.
Prisma Cloud Access Key
—Enables programmatic access to Prisma Cloud. To create an access key select
Settings
Access Keys
Add New.
Prisma Cloud Secret Key
—You should have saved this secret key when you generated it. You cannot view it on the Prisma Cloud web interface.
Prisma Cloud SCM Asset Name
—The name of the
assetName
you want to scan. For example,
bitbucket-build-test-1
.
Prisma Cloud SCM Tag
—The key-value pairs separated by commas which allows the build to be searched in the DevOps inventory UI of Prisma Cloud. Examples of valid tags;
env:dev
,
tag:value
,
team:team-one
.
Template Type
—A template is a configuration management tool that is used to provision resources in the cloud. The templates supported are Terraform, AWS CloudFormation, and Kubernetes Templates. Enter the templates abbreviations as values, for example
TF
,
CFT
, and
K8S
.
Template Version
(Optional)—This field is only applicable if you entered
TF
in the Template Type field. See what versions of Terraform are supported.The value you enter will be a hint as the system will attempt to determine the correct version number. If the version number can’t be detected, then the system will use the value you entered.

Save
the settings and click
Test Connection
to confirm that your login credentials work.
Configure the Failure Threshold.
Specify the number of issues for each severity.
Select
Enabled
next to
Prisma Cloud IaC Scan
to define the number of issues by severity.
Set the High:
x
, Medium:
y
, Low :
z
, Operator:
O
, and Merge:
m
values. The variables
x
,
y
, and
z
are the number of issues of each severity,
O
represents the logical operators OR and AND, and
m
, represents YES or NO for the merge request.
For example:
To fail the pull request for any security issue detected—
High
: 0,
Medium
: 0,
Low
: 0,
Operator
: OR,
Merge
: no.
To never fail the pull request—
High
: 1000,
Medium
: 1000,
Low
: 1000,
Operator
: AND,
Merge
: yes.
Comment Criteria
and
Task Criteria
are two ways to show the report of the IaC scan to the end user. If the number of issues matches the values specified in the
Comment Criteria
then a comment will be created, and if the values matches a
Task Criteria
then a task will be created.
Generate a pull request.
Create a pull request by selecting the pull request icon. Enter the details for your pull request.
An example of a pull request with a comment:

An example of a pull request with tasks:

The two tasks must be resolved in order for the pull request to be merged into the main branch.