This article was written by Sarah Conway from Snyk, a company that helps organizations find and fix vulnerabilities in open source dependencies and container images.
Keeping your dependencies up to date has a lot of value – it solves bugs, supports new features and fixes security vulnerabilities. Ideally, updating libraries should be an easy, automated process that ensures no code breaks and no new vulnerabilities are introduced and, most importantly, is done natively as an integral part of the development process.
Improve project health and eliminate potential vulnerabilities
This is exactly what Snyk’s Auto Upgrades allows you to do, directly from Bitbucket Cloud. With this new functionality, you are able to automatically upgrade your dependencies, improve overall project health and avoid new vulnerabilities or code breaks.
Snyk automatically creates pull requests to update your outdated dependencies. Currently, npm and Maven Central packages are supported, with other languages to follow. Every PR lists any vulnerabilities remediated as part of the upgrade, and will not introduce new vulnerabilities. See Snyk’s blog post for more information.
Find and fix vulnerabilities using Snyk for Bitbucket
This capability is part of Snyk’s native solution for Bitbucket Cloud, which automates scanning and fixing of open source libraries. Using Snyk for Bitbucket Cloud allows you to scan every new PR and prevent a merge when needed, open an automated fix PR for vulnerabilities, monitor the repository and much more.
We’re always excited to see integrations that work seamlessly with Bitbucket evolve to help teams develop better software faster.
Get started today, for free!
If your team is using Bitbucket Cloud, enable integration between Bitbucket and Snyk to start managing your vulnerabilities. Check out Snyk’s official documentation. Need help? Reach us or find answers to many common questions here.
Want to try Snyk for free? Sign up here for a limited number of monthly tests, including this functionality, to see what vulnerabilities exist in your application.