Embedding cloud security into developer workflows with Bridgecrew for Bitbucket Cloud and Code Insights

blank

As part of our mission to streamline cloud security and make it accessible to developers, we’ve been hard at work to support more developer tools and workflows. Today we’re thrilled to support Atlassian’s recent DevOps launch “to help developers take their time back and ship better code, faster” with our new Bitbucket integration.

Our new Bitbucket Cloud integration allows users to find, fix, and prevent security issues in infrastructure-as-code repositories on every commit.

 

Get started with Bridgecrew’s Bitbucket Cloud integration

Bridgecrew works by scanning infrastructure-as-code files and orchestration frameworks like Kubernetes, Terraform, and CloudFormation for misconfigurations and policy violations. With Bridgecrew’s Bitbucket Cloud integration, you can add Bridgecrew to any of your repositories that contain infrastructure-as-code files for continuous scanning and remediations.
It’s easy to get started.

Once you’ve signed up for a free Bridgecrew account, head to the integrations page, select Bitbucket, and add a new account. After you’ve authorized Bridgecrew in the Bitbucket Marketplace and have granted access to your account, you’ll be prompted to select the Bitbucket repositories you want to scan.

blank

Then, when Bridgecrew identifies issues, you can implement automated remediations straight from the platform via Bitbucket pull requests.

blank

It’s our goal to equip developers with both the insight and code needed to fix misconfigurations so that they can better implement cloud security best practices earlier than ever before.

 

Scan pull requests with Code Insights

Code Insights is a powerful tool for Bitbucket Cloud users, making it more transparent and efficient to analyze code quality within existing developer workflows.

Bridgecrew’s new integration also supports Code Insights, allowing users to get insight into infrastructure-as-code security issues earlier in the development lifecycle.

Once you’ve integrated Bridgecrew with your infrastructure-as-code repositories in Bitbucket, you’ll be able to see a full scan assessment on every new pull request. By viewing the assessment, you can see exactly what has passed and failed, as well as the severities and sources for each check.

blank

Bridgecrew’s Code Insights integration allows developers to get insight into cloud security issues earlier, and to fix and prevent issues from being deployed in the first place—all from within the Bitbucket user interface.

 

We’re excited to be working alongside Atlassian and the Bitbucket team to equip developers with the tools and workflows they need to build and secure amazing products.

Along with our bi-directional Jira integration, our new Bitbucket Cloud integration with support for Code Insights is a significant first step to embed into the Atlassian ecosystem. We look forward to expanding our current integrations to make it even more accessible for developers to get cloud security feedback throughout the developer lifecycle.

For more information about Bridgecrew and our Atlassian integrations, check out these resources: