Skip to main content

Bitbucket Pipelines Integration

img

note

First time using Bitbucket? Please refer to the following documentation.

Introduction​

With Conviso Platform integrated into your Bitbucket CI/CD Pipeline, you can automate your security processes, ensuring that your applications undergo through automated security assessments in new versions of your code.

You can run Conviso Platform AST (Application Security Testing). This product offers Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) and enables Continuous Code Review performed by our Security Analysts directly on your Bitbucket pipeline.

Setting up a new repository without an existing pipeline​

To set up a repository, follow the steps below:

  1. At the BitBucket project page, click at the Pipelines section;
  2. Click Select at the Starter Pipeline option;
  3. A text editor will appear; delete all of its content;
  4. As the first job, let's invoke the CLI help menu. To do so, paste the snippet below:
image: convisoappsec/convisocli

pipelines:
branches:
master:
- step:
name: Conviso BitBucket Pipeline
script:
- conviso --help
services:
- docker

Setting up Environment Variable​

In order for the environment to be ready for the execution of all Conviso CLI resources, it is necessary to configure some environment variable. To accomplish that, follow the steps below:

  1. Generate API Key. This key is available for Conviso Platform users at the user profile page;

Generate API Key

img

  1. Under Repository Settings, click at Repository Variables;

img

Conviso AST​

You can run Conviso Platform AST (Application Security Testing). This product offers Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) and enables Continuous Code Review to be performed by Security Analysts of Conviso (when supported in your plan) or by your own Security Analysts team.

image: convisoappsec/convisocli

pipelines:
branches:
master:
- step:
name: Conviso BitBucket Pipeline
script:
- |
conviso ast run \
services:
- docker

Troubleshooting​

If you encounter authentication issues after loading the CONVISO_API_KEY variable, please ensure it has been properly loaded within the environment session of all tasks utilizing the CLI.

Error. ‘credentials’ cannot be null.

To address this error, add the following lines to the configuration.

steps:
- checkout: self
persistCredentials: true

You have access to multiple companies, specify one using CONVISO_COMPANY_ID

To view the company ID, click on the company logo icon, as exemplified in the image.

img

Example

   - export CONVISO_COMPANY_ID=0000
- conviso ast run

Support​

If you have any questions or need help using our product, please don't hesitate to contact our support team.

Resources​

By exploring our content, you'll find resources to help you to understand the benefits of the Conviso Platform integrations for Secure CI/CD Pipeline:

Discover Conviso Platform!