CI secret scanning for Bitbucket – BluBracket

To configure CI secret scanning for Bitbucket, you will need to create two pipeline variables and create or add to your yaml pipeline script.

Note: This CI integration supports scanning of pull requests.

Create Variables:

The following two pipeline variables need to be created whether you are creating a new pipeline or using an existing pipeline:

Name: BLUBRACKET_INTEGRATION_KEY

Value: Create a BluBracket Integration API token

Steps to create a BluBracket API token:
https://support.blubracket.com/hc/en-us/articles/4403018405140-Event-and-Alert-APIs

Name: BLUBRACKET_CI_CD_API

Value: https://[your BluBracket tenant name]/api/analyzer/commit/scan
Example: https://acme.blubracket.com/api/analyzer/commit/scan

Pipeline Script:
The following should be added to your pipeline script:

pipelines:
  pull-requests:
    '**':
      - step:
          name: 'Run BluBracket Secret Scan'
          image: blubracket/ci-cd-scan:latest
          script:
            - echo "Running BluBracket Secret scan"
            - export SYSTEM_PULLREQUEST_PULLREQUESTNUMBER=$BITBUCKET_PR_ID
            - export BLUBRACKET_CI_CD_TOKEN=$BLUBRACKET_INTEGRATION_KEY
            - export BUILD_REPOSITORY_URI=$BITBUCKET_GIT_HTTP_ORIGIN
            - env
            - cd /
            - entrypoint.sh

Related articles