Bitbucket Pipelines
Bitbucket Pipelines adds Continuous Delivery to Bitbucket Cloud.
Since it is built on Docker, RIPS can be integrated quickly using our rips-cli Docker container.
Setup
The RIPS scan can be added as a pipeline step to the bitbucket-pipelines.yml file. The following example shows this setup; it breaks the build if the analysis detects more than one security vulnerability:
    pipelines:
      default:
        - step:
            name: RIPS Scan
            image: rips/rips-cli:3
            script:
              - rips-cli -vvv rips:scan:start -a $RIPS_APP_ID -p $BITBUCKET_CLONE_DIR -t 1
Configuration
For a successful scan you need to configure your credentials and the RIPS endpoint. This takes place in Settings → PIPELINES → Environment Variables. The sensitive parameters should be added as "masked and encrypted variables" (closed lock symbol).
| Name | Value |
|---|---|
| RIPS_APP_ID | The Application ID in RIPS under which the scans should be performed. |
| RIPS_BASE_URI | URI of the RIPS API that should be used for scanning. |
| RIPS_PASSWORD | Password of your RIPS user account that should be used for scanning. |
| RIPS_EMAIL | Email of your RIPS user account that should be used for scanning. |
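A pre-flight check for the scan step, added here as an example (it is not part of the RIPS documentation or of rips-cli): it verifies that the four variables from the table above are set before rips-cli is invoked, refuses a plain-http RIPS_BASE_URI, and reports only the names of missing variables, never their values. `run_rips_scan` wraps the exact command from the pipeline example; the https requirement is this example's own policy, not something rips-cli enforces.

```shell
#!/bin/sh
# Added example: pre-flight check for the RIPS scan step (not rips-cli code).
# Fails fast when a required pipeline variable is missing and never prints
# the secret values themselves, only the names that are absent.

# check_rips_env: 0 if every variable from the Configuration table is set and
# non-empty, 1 otherwise (missing names go to stderr).
check_rips_env() {
  missing=""
  for name in RIPS_APP_ID RIPS_BASE_URI RIPS_EMAIL RIPS_PASSWORD; do
    eval "value=\${$name:-}"          # indirect lookup; POSIX sh has no ${!name}
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "missing pipeline variables:$missing" >&2
    return 1
  fi
  return 0
}

# check_rips_base_uri: 0 only for an https:// endpoint. Plain http would send
# RIPS_EMAIL/RIPS_PASSWORD in clear across the internet; this policy is the
# example's own, it is not enforced by rips-cli.
check_rips_base_uri() {
  case "${RIPS_BASE_URI:-}" in
    https://*) return 0 ;;
    *)
      echo "RIPS_BASE_URI must start with https://" >&2
      return 1 ;;
  esac
}

# run_rips_scan [THRESHOLD]: runs the command from the pipeline example once
# both checks pass. BITBUCKET_CLONE_DIR is set by Bitbucket Pipelines itself.
run_rips_scan() {
  threshold="${1:-1}"
  check_rips_env || return 1
  check_rips_base_uri || return 1
  rips-cli -vvv rips:scan:start -a "$RIPS_APP_ID" -p "$BITBUCKET_CLONE_DIR" -t "$threshold"
}
```

Commit the script to the repository (the path is your choice) and call it from the step's `script:` list in place of the bare rips-cli command; a missing variable then fails the step with a readable message instead of an authentication error from the API.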
On-Premises Security
Bitbucket Pipelines is a remote service. If you are using RIPS on-premises as a local installation, you will need to open the API port (default: 8080) of your RIPS server so that it can be reached by Bitbucket.
Although your API requires your login credentials for authentication, we recommend restricting remote connections to your API port to the IP addresses of Bitbucket.
Further, we recommend setting up an SSL proxy so that the traffic from Bitbucket to your server is encrypted. You can find instructions in the advanced section of our installation manual.
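One way to implement the IP restriction above on the RIPS server, added as an example that is not taken from the installation manual: a small shell helper that emits iptables rules for the API port with an explicit allowlist and a default deny, and a second helper that executes them. The CIDRs are placeholders for the address ranges that Bitbucket publishes for Pipelines; look them up rather than guessing.

```shell
#!/bin/sh
# Added example (not from the RIPS installation manual): restrict the RIPS API
# port on an on-premises server to an allowlist of source networks.
# The CIDRs passed in are placeholders for the address ranges Bitbucket
# publishes for Pipelines; look them up, do not guess them.

# rips_api_allowlist_rules PORT CIDR... : print one iptables command per line,
# allowlisted sources first, default deny last. Nothing is executed here.
rips_api_allowlist_rules() {
  port="$1"
  [ -n "$port" ] || { echo "usage: rips_api_allowlist_rules PORT CIDR..." >&2; return 1; }
  shift
  [ $# -gt 0 ] || { echo "refusing to emit rules with an empty allowlist" >&2; return 1; }
  # A reverse proxy (the SSL proxy) on the same host still needs to reach the API.
  echo "iptables -A INPUT -p tcp --dport $port -i lo -j ACCEPT"
  for cidr in "$@"; do
    echo "iptables -A INPUT -p tcp --dport $port -s $cidr -j ACCEPT"
  done
  # Everything not explicitly allowed above is dropped.
  echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# apply_rips_api_allowlist PORT CIDR... : execute the generated rules (as root).
apply_rips_api_allowlist() {
  rips_api_allowlist_rules "$@" | sh -e
}
```

Run `rips_api_allowlist_rules 8080 <bitbucket-range> ...` first and review the output, then `apply_rips_api_allowlist` with the same arguments. The rules are appended to INPUT, so place them ahead of any existing catch-all ACCEPT (or switch `-A` to `-I`), and persist them with your distribution's usual mechanism so they survive a reboot.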
Further Reading
Since it is rips-cli that runs inside the Docker container, consult the rips-cli documentation for further commands and configuration options.