Use the Prisma Cloud app for Bitbucket Server
Secure your Bitbucket workflow by running IaC scans on
your pull requests and checking them against Prisma Cloud’s comprehensive
set of security policies.
The Prisma Cloud ™ app for Bitbucket Server allows you to perform IaC scans
on Bitbucket pull requests and check them against Prisma Cloud's
comprehensive set of policies. The plugin performs a full repository scan
of the source branch of the pull request. If the policy violations exceed
the failure threshold you configure, the pull request is blocked and a
comment listing the security issues is posted on it. The results are also
generated within Bitbucket as a report, which gives you visibility into
the security of your Bitbucket workflow.
- Install the Prisma Cloud app for Bitbucket Server. You must have administrator privileges on the Bitbucket server to install the app.
- Launch a browser and go to http://localhost:7990. If your Bitbucket server listens on a different port, replace 7990 with that port number.
- Enter your login credentials and authenticate.
- Select Admin > Manage apps > Find new apps.
- Enter prisma cloud in the search field.
- Install the app and restart your Bitbucket server.
- Specify the settings for the Bitbucket app. You configure the app settings to connect it to your instance of Prisma Cloud.
- Select Users or Projects > Repositories, and then select the repository you want to scan.
- Select the gear icon and then Prisma Cloud Settings.
- Prisma Cloud API URL: The URL for Prisma Cloud varies with the region and cluster on which your tenant is deployed. If the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io, replace the app prefix of the hostname with api (giving https://api2.prismacloud.io or https://api.eu.prismacloud.io respectively). Refer to the Prisma Cloud REST API Reference for more details.
- Prisma Cloud Access Key: Enables programmatic access to Prisma Cloud. To create an access key, select Settings > Access Keys > Add New.
- Prisma Cloud Secret Key: The secret key is shown only when you generate the access key and cannot be viewed again on the Prisma Cloud web interface, so you should have saved it at that time. If you did not, generate a new access key.
- Prisma Cloud SCM Asset Name: The assetName under which the scanned repository is recorded in Prisma Cloud. For example, bitbucket-build-test-1.
- Prisma Cloud SCM Tag: Comma-separated key:value pairs that allow the build to be searched in the DevOps inventory UI of Prisma Cloud. Examples of valid tags: env:dev, tag:value, team:team-one.
- Template Type: The IaC template format used in the repository to provision cloud resources. The supported template types are Terraform, AWS CloudFormation, and Kubernetes manifests. Enter the abbreviation as the value: TF, CFT, or K8S.
- Template Version (Optional): This field applies only if you entered TF in the Template Type field. See the list of supported Terraform versions. The value you enter is a hint: the plugin attempts to detect the correct Terraform version from the repository and falls back to the value you entered only if the version cannot be detected.
- Save the settings and click Test Connection to confirm that the API URL and the access key and secret key work.
- Configure the Failure Threshold
- Specify the maximum number of issues tolerated for each severity. Select Enabled next to Prisma Cloud IaC Scan, and then set the High: x, Medium: y, Low: z, Operator: O, and Merge: m values. The variables x, y, and z are the number of issues of each severity the scan tolerates; O is the logical operator (OR or AND) that combines the three per-severity checks; and m is YES or NO and controls whether the pull request may be merged. With Operator: OR the pull request fails as soon as any one severity count exceeds its limit; with Operator: AND it fails only when all three counts exceed their limits, so a single high-severity finding with no low-severity findings would pass an AND rule. For example:
- To fail the pull request for any security issue detected: High: 0, Medium: 0, Low: 0, Operator: OR, Merge: no.
- To never fail the pull request: High: 1000, Medium: 1000, Low: 1000, Operator: AND, Merge: yes.
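The threshold logic above, as an added example that is not part of the plugin or of this page: a small Python model of the High/Medium/Low/Operator check, with the two configurations from the list applied to a constructed set of findings. The class and function names and the sample findings are assumptions for illustration; the plugin's internal comparison is not published here, so the "count exceeds its limit" comparison is inferred from the two examples above (0/0/0 with OR fails on any issue, 1000/1000/1000 with AND never fails).

```python
from dataclasses import dataclass


# Hypothetical local model of the plugin's Failure Threshold fields.
# Field names follow the UI (High, Medium, Low, Operator). "Merge" is
# left out because it governs whether a failed pull request may still be
# merged, not whether the threshold itself is exceeded.
@dataclass(frozen=True)
class FailureThreshold:
    high: int       # maximum number of high-severity issues tolerated
    medium: int     # maximum number of medium-severity issues tolerated
    low: int        # maximum number of low-severity issues tolerated
    operator: str   # "OR": any severity over its limit fails; "AND": all must be over


SEVERITIES = ("high", "medium", "low")


def count_by_severity(findings):
    """Tally scan findings into {"high": n, "medium": n, "low": n}.

    `findings` is a list of dicts with a "severity" key. Severity values
    are compared case-insensitively, so "HIGH" and "high" both count;
    unknown severities are ignored rather than silently bucketed.
    """
    counts = dict.fromkeys(SEVERITIES, 0)
    for finding in findings:
        severity = str(finding.get("severity", "")).lower()
        if severity in counts:
            counts[severity] += 1
    return counts


def exceeds_threshold(threshold, counts):
    """True when the counts exceed the threshold and the PR should be blocked."""
    over_limit = [
        counts.get("high", 0) > threshold.high,
        counts.get("medium", 0) > threshold.medium,
        counts.get("low", 0) > threshold.low,
    ]
    op = threshold.operator.strip().upper()
    if op == "OR":
        return any(over_limit)
    if op == "AND":
        return all(over_limit)
    raise ValueError(f"Operator must be OR or AND, got {threshold.operator!r}")


def evaluate_pull_request(threshold, findings):
    """Return the severity counts, whether the PR is blocked, and the
    comment text a blocked PR would receive (None when it passes)."""
    counts = count_by_severity(findings)
    blocked = exceeds_threshold(threshold, counts)
    comment = None
    if blocked:
        lines = [f"Prisma Cloud IaC scan found {len(findings)} issue(s):"]
        lines += [f"- [{f['severity'].upper()}] {f['policy']}" for f in findings]
        comment = "\n".join(lines)
    return {"counts": counts, "blocked": blocked, "comment": comment}


# The two threshold configurations given in the text.
FAIL_ON_ANY_ISSUE = FailureThreshold(high=0, medium=0, low=0, operator="OR")
NEVER_FAIL = FailureThreshold(high=1000, medium=1000, low=1000, operator="AND")

# Constructed sample findings for illustration; not real Prisma Cloud output.
SAMPLE_FINDINGS = [
    {"severity": "HIGH", "policy": "Storage bucket allows public read access"},
    {"severity": "MEDIUM", "policy": "Security group allows SSH from 0.0.0.0/0"},
    {"severity": "LOW", "policy": "Resource is missing required tags"},
    {"severity": "LOW", "policy": "Access logging is not enabled"},
]

if __name__ == "__main__":
    for name, threshold in (("fail-on-any", FAIL_ON_ANY_ISSUE), ("never-fail", NEVER_FAIL)):
        result = evaluate_pull_request(threshold, SAMPLE_FINDINGS)
        print(f"{name}: counts={result['counts']} blocked={result['blocked']}")
        if result["comment"]:
            print(result["comment"])
```

Running the script shows the same four findings blocking the pull request under the fail-on-any configuration and passing under never-fail. The AND case is the one to watch when tuning your own values: a rule such as High: 0, Medium: 5, Low: 10 with Operator: AND does not block a branch that has one high-severity finding but fewer than six medium and eleven low ones.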
Comment Criteria and Task Criteria are two ways to show the report of the IaC scan to the end user. If the number of issues matches the values specified in the Comment Criteria, a comment is created on the pull request; if the values match the Task Criteria, a task is created.
- Generate a pull request. Create a pull request by selecting the pull request icon and entering the details for your pull request.
An example of a pull request with a comment:
An example of a pull request with tasks:
The two tasks must be resolved before the pull request can be merged into the main branch.