How to configure Bitbucket with DigitSec
Please follow these steps to integrate DigitSec to scan your Bitbucket repository based on Bitbucket events.
- Please retrieve an Bitbucket Secret specific to your DigitSec Workspace. Please use a browser to go to https://s4.digitsec.com and sign in.
- After logging in, find the Workspace you wish to scan and click on the title to access the Dashboard. Use the Workspace navigation and sub-tav navigation to select Integration --> Bitbucket.
- Please use the clipboard icon to copy the field contents. Please leave this browser window open on this page as you will return to it in Step 8.
How to find your Repository name, Workspace Id and Bitbucket username:
- Once you log in to bitbucket the first screen that is seen has a title bar as show below:
- Select Repositories, this will open the screen below:
The repository names are listed in bold under the Summary heading.
- Click on the Profile and Settings tab shown on the top right as follows:
- On the drop down that opens, then click Personal Settings.
- The following screen comes up which shows the username under the Bitbucket profile settings
- Once you are on the repository under question, you should see a screen like below showing the files in your repo:
- Please examine your browser URL address bar. You will see a string similar to the image below. The circled portion indicates how to identify your Workspace Id.:
Creating a Webhook and App password
- Open a new browser window and log into Bitbucket. Find the repository you wish to integrate with DigitSec and use the Repository Settings screen to find Webhooks.
- . Click on the Webhooks to access the following screen.
- Click the Add webhook button.
- You will create a webhook for this repository. You can enter a useful name in the Title field. Your webhook will be pointed at https://s4.digitsec.com/webhooks/bitbucket/<bitbucketSecret>. This URL (including the Bitbucket secret) has already been copied to the clipboard from step 3. So, you can paste it in the URL field below.
Note: DigitSec advises that you select the Pull requests: created/updated triggers. This will trigger the webhook on all major pull request events and is the intended way for using this integration.
- You must now create an App Password. Go to the profile and setting tab in the bottom left and click Personal Settings.
- On the page that loads up, please select App passwords. This will bring up a new screen. Please click the Create app password button. You will now see the screen below:
- Please designate a label for the app password and check Read and Write permissions for Pull Requests as shown above. Click the Create button which will refresh the page to show the app password. Please copy it to the clipboard. You may wish to also save it to a local file as it will not be visible again.
- Return to the browser window you left open in Step 3 that shows the Bitbucket tab of the S4 Salesforce org Info Screen. Enter the Repository Name (exactly as you have it on bitbucket), your Bitbucket Username and your Workspace Id in the corresponding fields. If you want S4 to create a new Pull Request based off of your current branch please select the check box for Is Pull Request Required.
Finally, paste the App Password from the previous step into the correct field.
Click Verify and Save.
- To verify this is working, please take an action that will activate the trigger you selected. Once you have finished this, the scan will have already begun. Scans typically take between 5 and 15 minutes. DigitSec will send a notification email once the scan has completed which will include a link to your Scan Findings Detail Report.
- The results from DigitSec will show up in the pull request comments as follows: