Use an On-Premises Code Scanner to Scan Bitbucket Server IaCs

You can connect your Bitbucket repositories to an On-Premise code scanner and scan your code for violations. Perform the following tasks to connect your Bitbucket repositories to an on-premises scanner:

  1. Create a personal access token in Bitbucket Server.

  2. Authorize the on-premise code scanner to access Bitbucket Server.

  3. Connect an IaC from Bitbucket Server to Tenable Cloud Security project.

  1. Sign in to the Bitbucket server with administrator level account credentials.

  2. Navigate to Profile picture > Manage account > Personal access tokens.

  3. Click Create token.

  4. Configure the values as follows:

  5. Click Create.

  6. Note the personal access token provided.

  1. Launch the URL displayed in the output of the on-premise code scanner deployment. For more information, see Deploy an On-Premises Code Scanner.

    The On Premise Scanner Management Console page appears. You can now authorize the on-premise code scanner with different Source Code Management (SCM) providers.

  2. In the Configure servers section, provide the following:

    • In the Repository Server Address box, type the repository server address.

    • In the On-premise code scanner address (use port:9020) box, type the code scanner address.

  3. Click Continue.

    The Configure cloud (Optional) section appears.

  4. (Optional) In the Select cloud provider drop-down box, select one of the following options:

      1. In the AWS Access Key box, type the AWS access key.

      2. In the AWS Secret Key box, type the AWS secret key.

      • Click Upload to upload your service account credentials file.

      1. In the Azure Client ID box, type the Azure client ID.

      2. In the Azure Tenant ID box, type the Azure tenant ID.

      3. In the Azure Subscription ID box, type the Azure subscription ID.

      4. In the Azure Client Secret box, type the Azure client secret.

    5. Note: The on-premise code scanner requires your cloud account details when you enable Plan based setup to scan your repositories. For more information, see Connect Repositories.
  5. Click Continue.

    The Setup authentication section appears.

  6. In the Select repository server drop-down box, select Bitbucket.
    Tenable Cloud Security displays an information form for Bitbucket.

  7. Provide the following:

    1. In the Personal Access Token box, type the personal access token. For more information about how to obtain the personal access token, see To create a personal access token in Bitbucket Server:

    2. Click Submit.

  8. (Optional) In the Other Settings section, click the Allow on-premise code scanner to send logs to Tenable Cloud Security toggle.

    9. Tenable Cloud Security redirects you to the Bitbucket Enterprise server to authorize the permissions on the OAuth Application. A message confirms successful authorization and Bitbucket redirects you to the On-premise code scanner page.

  1. Access Tenable Cloud Security.

  2. In the left navigation bar, click the icon.

  3. Click Connection > Repository.
    The Connect to repository page appears.

  4. In the Choose a workflow to discover repo(s) section, select Version control.
  5. Click Continue.

    The Connect to a version control provider section appears.

  6. In the Connect to a version control provider section, select Bitbucket and On-premise Code Scanner.

  7. Click Continue.

    The Choose onboarding repositories section appears.

  8. Select the required repository.

  9. Hover over the selected repository and click to configure the advanced settings.

    For more information, see Repository Configuration Parameters.

  10. Click Continue.

    The Choose projects to add the repository to section appears.

  11. Select the project that you want to connect to the repository.

  12. Click Connect.

    A message confirms that Tenable Cloud Security connects the Bitbucket IaC repository to the selected project.