Bitbucket Integration

MergeBase provides a Bitbucket Connect app (CodeGreen App) to seamlessly integrate code from designated Bitbucket repositories into MergeBase for comprehensive scanning. Additionally, it enables near real-time scanning of submitted commits. It scans build files from your Bitbucket repositories and integrates the results directly to the MergeBase dashboard for your centralized view.

Integrating Bitbucket Repositories with MergeBase

First, on the MergeBase dashboard home page illustrated above, go to the Settings page, and click the Bitbucket Integration tab.

Then click the “Install MergeBase Bitbucket App” button.

You will then be redirected to the Bitbucket website.

• If you haven’t logged into Bitbucket, you'll encounter the login page to authenticate your credentials.
• For users with multiple Bitbucket workspaces, the workspace selection screen will be shown.

If it is not already enabled, you will need to enable development mode to install the MergeBase bitbucket app integration. Bitbucket will prompt you to enable this setting. This is because a custom app is generated for your unique dashboard.

Upon reviewing the list of permissions, click the “Grant Access” button.

After being redirected back to the MergeBase, the authorized repositories will be listed on the page. You can select repositories for scanning as needed.

Managing Your Bitbucket Integration

You can utilize the search function to find repositories. Selected repositories that do not match the search keywords will also appear in the search results.

Upon clicking the “Save and Scan” button, The checklist’s selection status will be saved for further actions. The selected repositories will be scanned immediately and asynchronously. The popped-up modal window will display the scanning progress of each repository. When all scans are completed, the “Go to Overview” button will become enabled. Clicking it will allow you to navigate to the overview page where the scan results are displayed.

• Please note that the scanning process might take some time, so it’s advisable not to select too many repositories at one time.

• There are some specific cases related to programming languages of the repository where scanning is unavailable:

  The repository requires compilation:

  C/C++
  
  DotNet
  

  The repository requires lock files:

  NPM (JavaScript): package-lock.json
  
  Yarn (JavaScript): package-lock.json
  
  Gem (Ruby): Gemfile.lock
  
  Composer (PHP): composer.lock
  

If the “All commits and pull requests” checkbox is selected, scans will be initiated for new commits and pull requests.

• Please note that it involves scanning with a 10-minute interval instead of a real time scanning.

Opting for "Daily (On change only)" will trigger daily scanning whenever there are new code changes.

To delete an installation, click the “Delete the installation” button corresponding to the specific Bitbucket account. Subsequently, both the installation within MergeBase and the corresponding installation on Bitbucket will be erased.

• Please note that, if the installation is directly removed from Bitbucket, the corresponding installation will also be eliminated the next time you log in to MergeBase and navigate to the settings page.

If you want to access this page directly, proceed to the “Settings” page in the left hand navigation as illustrated below, and then access the “Bitbucket Integration” tab along the top.