Bitbucket Pipelines Integration
Integrate Threatspy with Bitbucket Pipelines to automatically trigger security scans as part of your CI/CD workflow. This enables continuous security testing of your web applications and APIs whenever code is pushed or a pull request is created.
Prerequisites
Before you begin, ensure you have:
- A Threatspy account with an active subscription or trial.
- An application already created in Threatspy.
- A valid Threatspy API Key.
- The Application ID of the application you want to scan.
- Your registered Threatspy email address.
- A Bitbucket repository with Pipelines enabled.
Step 1: Generate Threatspy Credentials
Log in to your Threatspy dashboard and collect the following credentials.
| Credential | Description |
|---|---|
| API Key | Used to authenticate API requests to Threatspy. |
| Application ID | Unique identifier of the application to be scanned. |
| User Email | Registered email address associated with your Threatspy account. |
> Note: Keep your API Key confidential and never commit it to your repository.
Step 2: Configure Bitbucket Repository Variables
Navigate to your Bitbucket repository:
Repository Settings → Repository Variables
Create the following repository variables:
| Variable Name | Description |
|---|---|
| `THREATSPY_API_KEY` | Your Threatspy API Key |
| `THREATSPY_APP_ID` | Your Threatspy Application ID |
| `THREATSPY_USER_EMAIL` | Your registered Threatspy email address |
> Recommended: Mark sensitive variables as Secured to prevent them from being exposed in build logs.
Step 3: Configure the Bitbucket Pipeline
Create or update the `bitbucket-pipelines.yml` file in the root of your repository.
image: atlassian/default-image:4
pipelines:
branches:
main:
- step:
name: Security Scan
script:
- |
curl -X POST https://api.threatspy.secureblink.com/start-scan \
-H "x-api-key: $THREATSPY_API_KEY" \
-H "x-app-id: $THREATSPY_APP_ID" \
-H "email: $THREATSPY_USER_EMAIL" \
-H "Content-Type: application/json"
pull-requests:
'**':
- step:
name: Security Scan
script:
- |
curl -X POST https://api.threatspy.secureblink.com/start-scan \
-H "x-api-key: $THREATSPY_API_KEY" \
-H "x-app-id: $THREATSPY_APP_ID" \
-H "email: $THREATSPY_USER_EMAIL" \
-H "Content-Type: application/json"This pipeline automatically triggers a Threatspy security scan when:
- Code is pushed to the main branch.
- A Pull Request is created or updated.
Step 4: Commit and Push Changes
Commit the updated Bitbucket Pipelines configuration and push it to your repository.
git add bitbucket-pipelines.yml
git commit -m "Add Threatspy Bitbucket Pipelines integration"
git push origin mainBitbucket Pipelines will automatically trigger a new pipeline based on the configured branch and pull request events.
Step 5: Verify Pipeline Execution
After the pipeline starts:
- Navigate to Pipelines in your Bitbucket repository.
- Open the latest pipeline execution.
- Verify that the Security Scan step executes successfully.
- Ensure the pipeline completes without any errors.
Once the pipeline finishes successfully, the security scan request will be submitted to Threatspy for processing.