Bitbucket Pipelines adds Continuous Delivery to Bitbucket Cloud.

Since it is built on docker RIPS can be quickly integrated using our rips-cli docker container.

Setup

The RIPS Scan can be added as a pipeline step to the bitbucket-pipelines.yml file. The following example showcases this setup that breaks the build if the analysis detects more than one security vulnerability:

pipelines:
  default:
    - step:
        name: RIPS Scan
        image: rips/rips-cli:3
        script:
          - rips-cli -vvv rips:scan:start -a $RIPS_APP_ID -p $BITBUCKET_CLONE_DIR -t 1

Configuration

For a successfull scan you need to configure your credentials and the RIPS endpoint. This takes place in Settings → PIPELINES → Environment Variables. The sensitive parameters should be added as "masked and encrypted variables" (closed lock symbol).

On-Premises Security

Bitbucket Pipelines is a remote service. If you are using RIPS on-premises as a local installation you will need to open the API port (default: 8080) of your RIPS server so it can be accessed by Bitbucket.

Although your API requires your login credentials for authentication, we recommend to restrict remote connections to your API port to the IP addresses of Bitbucket.

Further, we recommend to setup a SSL proxy so your traffic from Bitbucket to your server is encrypted. You can find instructions in the advanced section of our installation manual.

Further Reading

Since it is the rips-cli that is running in the docker container it is best to consult the rips-cli documentation to find out more commands and configuration options.