How to configure Bitbucket with S4
Please follow these steps to set up S4 to scan your Bitbucket repository based on Bitbucket events.
- First, you will need to retrieve the S4 webhook secret (the "Bitbucket secret") that S4 generates for your Salesforce org. Use a browser to go to https://s4.digitsec.com and sign in.
- After logging in, find the Salesforce org you wish to scan. Click on the collapsible function menu and select Edit Org Info.
- On the Edit Org Info page, click on the Bitbucket tab, then click the CREATE BITBUCKET REPO button. The screen should appear as in the example below, with your Bitbucket secret shown in cleartext. Use the clipboard icon to copy the field contents. Treat this value as a credential: it is embedded in the webhook URL and is the only thing that identifies calls to S4 as coming from your repository, so do not paste it into tickets, chat or logs. Leave this browser window open on this page, as you will return to it after creating the App Password in Bitbucket.
- Open a new browser window and log into Bitbucket. Find the repository you wish to integrate with S4, open Repository Settings and click on Webhooks to access the following screen.
- Click the Add webhook button.
- You will create a webhook for this repository. Enter a useful name in the Title field. Point the webhook at https://s4.digitsec.com/webhooks/bitbucket/<bitbucketSecret>. This URL (including the Bitbucket secret) was copied to the clipboard in Step 3, so you can paste it directly into the URL field below. Leave the URL on https; the secret travels in the path, and a plain-http URL would expose it in transit.
Note: DigitSec advises that you select the Pull requests: created/updated triggers. This fires the webhook on the major pull request events and is the intended way to use this integration; selecting broader triggers (for example every push) only generates additional scans.
- You must now create an App Password. Go to the profile and settings icon in the bottom left and click Personal settings.
- On the page that loads, select App passwords. This brings up a new screen; click the Create app password button. You will now see the screen below:
- Enter a label for the app password (for example "S4 scanner") and check only the Read and Write permissions for Pull Requests, as shown above; S4 needs nothing beyond commenting on and opening pull requests, so do not grant repository write, webhook or account scopes. Click the Create button, which refreshes the page to show the app password. Bitbucket shows this value only once: copy it to the clipboard and, if you need to keep a copy, store it in a password manager or secrets store rather than a plain local file.
- Return to the browser window you left open in Step 3, showing the Bitbucket tab of the S4 Salesforce org Edit Org Info screen. Enter the Repository Name (exactly as it appears on Bitbucket), your Bitbucket Username and your Workspace ID in the corresponding fields. If you want S4 to create a new Pull Request based off your current branch, select the Is Pull Request Required check box. Finally, paste the App Password from the previous step into the App Password field and click Verify and Save. If verification fails, the usual causes are a repository name that does not match Bitbucket exactly, a Workspace ID that is not the workspace slug, or an app password created without the Pull Requests Read and Write permissions.
- To verify that the integration is working, take an action that activates the trigger you selected (for example, open or update a pull request). The scan begins as soon as Bitbucket delivers the event; you can confirm delivery and the HTTP response from S4 under Repository Settings, Webhooks, View requests. Scans typically take between 5 and 15 minutes. S4 sends a notification email once the scan has completed, including a link to your S4 Findings Detail Report.
- The results from S4 will show up in the pull request comments as follows:
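The steps above create the webhook through the Bitbucket UI. For teams that provision many repositories, the same configuration can be applied through the Bitbucket Cloud REST API. The script below is an added example written for this page; it is not DigitSec's or Atlassian's code. It assumes the Bitbucket Cloud 2.0 hooks endpoint (`POST /2.0/repositories/{workspace}/{repo_slug}/hooks`) and the S4 webhook URL shape shown in the guide; the event names `pullrequest:created` and `pullrequest:updated` are the API names behind the "Pull requests: created/updated" trigger boxes. The account used to register the hook needs the Webhooks Read and Write app-password permission, which is a separate, broader credential than the pull-request-only app password the guide has you give to S4. The workspace, repository, secret and credential values are placeholders read from the environment.

```python
"""Register the S4 Bitbucket webhook via the Bitbucket Cloud 2.0 REST API.

Added example for this guide, not DigitSec's or Atlassian's code. Assumes the
hooks endpoint and the S4 webhook URL shape shown above; all identifiers below
are placeholders supplied through environment variables.
"""
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

S4_WEBHOOK_BASE = "https://s4.digitsec.com/webhooks/bitbucket/"
BITBUCKET_API = "https://api.bitbucket.org/2.0"
# API event names behind the "Pull requests: created/updated" trigger boxes.
PR_EVENTS = ["pullrequest:created", "pullrequest:updated"]


def s4_webhook_url(bitbucket_secret: str) -> str:
    """Build the S4 webhook URL from the secret copied off the S4 Bitbucket tab.

    The secret is the only thing authenticating calls to S4, so the returned
    URL must be handled as a credential. The format check is an assumption:
    we only require a single, non-empty URL path segment.
    """
    secret = bitbucket_secret.strip()
    if not secret or any(c in secret for c in "/?# "):
        raise ValueError("Bitbucket secret is empty or not a single path segment")
    return S4_WEBHOOK_BASE + secret


def redact_webhook_url(url: str) -> str:
    """Replace the secret path segment with *** before the URL goes into logs."""
    parts = urlsplit(url)
    head, _, _secret = parts.path.rstrip("/").rpartition("/")
    return f"{parts.scheme}://{parts.netloc}{head}/***"


def webhook_request_body(title: str, target_url: str, events=PR_EVENTS) -> dict:
    """JSON body for POST /2.0/repositories/{workspace}/{repo_slug}/hooks.

    Refuses a non-https target: the secret travels in the URL path and would
    otherwise be sent in the clear on every pull request event.
    """
    if urlsplit(target_url).scheme != "https":
        raise ValueError("webhook target must use https; the secret is in the URL")
    return {"description": title, "url": target_url, "active": True, "events": list(events)}


def register_webhook(workspace, repo_slug, username, app_password, title, target_url):
    """Create the hook using the app password as HTTP basic auth.

    Performs a network call against api.bitbucket.org; the account needs the
    Webhooks Read and Write permission on its app password.
    """
    body = json.dumps(webhook_request_body(title, target_url)).encode()
    token = base64.b64encode(f"{username}:{app_password}".encode()).decode()
    req = urllib.request.Request(
        f"{BITBUCKET_API}/repositories/{workspace}/{repo_slug}/hooks",
        data=body,
        method="POST",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder inputs; set these in the environment before running.
    url = s4_webhook_url(os.environ["S4_BITBUCKET_SECRET"])
    print("registering", redact_webhook_url(url))  # secret never hits stdout
    hook = register_webhook(
        os.environ["BB_WORKSPACE"], os.environ["BB_REPO"],
        os.environ["BB_USERNAME"], os.environ["BB_APP_PASSWORD"],
        "S4 security scan", url,
    )
    print("created hook", hook.get("uuid"))
```

Run it once per repository with the five environment variables set; the hook it creates is identical to the one the UI steps produce, and it can be reviewed afterwards under Repository Settings, Webhooks. Keep the webhook-capable app password used by this script separate from the pull-request-only app password that you enter into S4.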