Introducing the New Snyk App for Bitbucket Cloud

This post is authored by Marco Morales, Partner Solutions Architect, and Sarah Conway, Director of Partner Marketing, at Snyk.  

We're excited to announce a new Snyk App for Bitbucket Cloud. Snyk first announced this integration in June 2021; it brings Snyk scan results into the Bitbucket Cloud environment so you can identify vulnerabilities as they emerge, right next to the code in your everyday workflow.

The new Snyk App for Bitbucket Cloud is available for free and has a simplified installation and onboarding process within the Bitbucket UI as well as new enterprise functionality. 

To fully experience Snyk within Bitbucket, developers installing the new app can take advantage of a free 30-day trial with unlimited open source, code, container, and infrastructure as code (IaC) tests, plus Jira integration, license compliance checks, and reporting. To sweeten things even further for Bitbucket enterprise users, Snyk is also offering a 25 percent bundle discount when Bitbucket teams buy Snyk Open Source and Snyk Code together.

This blog post will dive deeper into the top new benefits for developer teams as well as existing features that your teams can continue to use as before. The main highlights include: 

  • A streamlined onboarding process, making it easier and faster than ever to set up Snyk on a Bitbucket workspace within Bitbucket Cloud.
  • Visibility into security issues directly in the Bitbucket interface through the Security tab, which is now an integral part of the integration.
  • Improved enterprise functionality, such as IP allow listing. This means users with access to private repositories or other private content can only see that content from approved IP addresses, and are prevented from cloning, pushing to, or opening pull requests on private repositories from any other address.
  • A foundation for future enhancements to the developer experience, leveraging Bitbucket-specific capabilities such as exposing additional native widgets within the Bitbucket interface.

New and improved installation process

The legacy onboarding process required several clicks and the creation of a Personal Access Token (PAT) so that Snyk could authenticate to Bitbucket. The new process requires fewer clicks and no longer needs a PAT.

The Snyk App is available on the Atlassian Marketplace or from a Bitbucket Repository's Security tab. Getting started is even faster and easier because the Snyk App is now a trusted Atlassian Marketplace app and uses Atlassian Connect.  

Faster onboarding 

Assigning the Snyk App to the workspace is in line with other Atlassian workspace features. For example, Pull Request workflows and Whitelisting are configured for the workspace and in Snyk as well.  

With just a few simple clicks, you'll be off and running with scanning pull requests for vulnerabilities. Just as before, when clicking on a vulnerability displayed in the Code Insights report, you're taken to Snyk's public vulnerability database that provides the context and information required to facilitate further investigation and remediation. 

Whitelist support

Now that the Snyk App uses Atlassian Connect for authorization, you no longer need to add Snyk to a whitelist or allowlist. When an app uses Atlassian Connect authorization, your IT department does not have to configure rules to permit traffic for the Snyk App. This enhancement benefits teams by requiring less maintenance and administration, saving additional time.

Using Snyk throughout the development lifecycle 

All of the existing features for native integration, Bitbucket Pipelines, and integration into Code Insights continue to be supported. 

  • Gain early security insights into pull requests. Snyk's integration with Code Insights allows you to view the results of Snyk's security scan as part of your natural development flow. As soon as new pull requests are opened, Snyk scans them for new vulnerabilities and license issues and shows detailed annotations next to each change that introduces a new issue. This allows developers to take fast, effective, and data-informed remediation steps, all from within the Bitbucket user interface.  
  • Full security visibility into Bitbucket Cloud pipelines. A dedicated Snyk pipe allows Bitbucket users to add automated security testing into CI/CD pipelines as well. If vulnerabilities are found, the Snyk pipe gates the process according to the configuration set by the user. 
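As an added illustration (not from the original post or Snyk's own documentation), here is a minimal bitbucket-pipelines.yml that runs the Snyk pipe in two configurations: a gating scan on pull requests and a monitor-only scan on the main branch. The pipe version, the npm ecosystem, and the SNYK_TOKEN repository variable name are assumptions for this example.

```yaml
# Added example: gating pull requests with the Snyk pipe in Bitbucket Pipelines.
# Assumptions: "0.x.x" is a placeholder pipe version (pin a real release),
# the project is an npm package, and SNYK_TOKEN is a secured repository
# variable configured in Bitbucket, never committed to this file.
image: node:18

pipelines:
  pull-requests:
    '**':                                  # pull requests from any branch
      - step:
          name: Snyk scan (gated)
          caches:
            - node
          script:
            - npm ci
            - pipe: snyk/snyk-scan:0.x.x   # placeholder version
              variables:
                SNYK_TOKEN: $SNYK_TOKEN        # secured repository variable (assumed name)
                LANGUAGE: "npm"                # assumed ecosystem for this example
                SEVERITY_THRESHOLD: "high"     # fail the step on high or critical findings
                DONT_BREAK_BUILD: "false"      # keep the gate active (the secure setting)
                CODE_INSIGHTS_RESULTS: "true"  # annotate the PR's Code Insights report
                MONITOR: "false"               # no snapshot to Snyk for transient PR builds

  branches:
    main:
      - step:
          name: Snyk scan (monitor only)
          caches:
            - node
          script:
            - npm ci
            - pipe: snyk/snyk-scan:0.x.x   # placeholder version
              variables:
                SNYK_TOKEN: $SNYK_TOKEN
                LANGUAGE: "npm"
                DONT_BREAK_BUILD: "true"       # weaker setting: report but never block
                MONITOR: "true"                # record a snapshot for ongoing alerts
```

Setting DONT_BREAK_BUILD to "true" turns the pipe into a reporting step only, so reserve it for branches where a separate gate already exists; for pull requests, leave the gate active so a new high-severity dependency cannot merge unnoticed.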

Learn more: free Snyk trial & 25% discount 

Join us to see the new Snyk App for Bitbucket Cloud in action on Nov. 1 at 11 am ET. From installation to everyday use, our Snyk in 30 live democast will show you how easy and fast it is to find, prioritize, and fix security vulnerabilities and license issues in your open-source dependencies and container images within Bitbucket Cloud.

If you're looking for hands-on support to configure your Snyk account based on best practices, join us on Nov. 15th for a 30-minute implementation workshop: Snyk Security for Bitbucket Cloud Implementation Workshop.

The free 30-day trial and Snyk's limited-time Snyk Open Source + Snyk Code bundle discount should make it easy to give the new Snyk App a try. Learn more about the discount when you book a demo.

Additional Resources: