Bitbucket

Bitbucket is a Git-based source code repository hosting service owned by Atlassian.

Connecting your BitBucket allows OX to map your apps and scan them for security issues.

Bitbucket server

• Bitbucket.com - if you are using the public SaaS Bitbucket server, you can use either "Identity provider" or "Username & Password" login. The Username & Password option has the address of the SaaS server by default.

• Bitbucket Enterprise - if you are using a private Bitbucket installation, use "Username & Password" login and provide the Bitbucket server URL on the "Username & Password" login tab.

Connection options

• Identity Provider - just click “Connect” under the “Identity Provider” tab and follow the instructions on the screen.

• Username and Password - Create an App password in BitBucket with the permissions mentioned below, enter your username in the username field, copy the password into the password field and click “Connect”.

Permissions required

• Account - Read and Write

• Workspace memberships - Read and Write

• Projects - Write and Admin

• Repositories - Write and Admin

• Pull requests - Read and Write

• Issues - Read and Write

• Snippets - Read

• Webhooks - Read and write

• Pipelines - Read

• Runners - Read

Once you have verified BitBucket connectivity, you can see all of the repositories and can select them for scanning.

Setting repositories' scope

You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.

Here you can also decide what will happen by default with newly discovered repositories.