: Onboard a Bitbucket App to SSPM
Focus
Focus

Onboard a Bitbucket App to SSPM

Table of Contents

Onboard a Bitbucket App to SSPM

Connect a Bitbucket instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your Bitbucket instance, you must onboard your Bitbucket instance to SSPM. Through the onboarding process, SSPM connects to a Bitbucket API and, through the API, scans your Bitbucket instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
To onboard your Bitbucket instance, you complete the following actions:

Identify the Administrator Account for Granting SSPM Access

During the onboarding process, SSPM will redirect you to log in to Bitbucket. After you log in, Bitbucket will prompt you to grant SSPM the access it needs to your Bitbucket instance.
  1. Verify that your account has administrator permissions.
  2. Sign out of all Bitbucket accounts.
    Signing out of all Bitbucket accounts helps ensure that you sign in under the correct account during the onboarding process. Some browsers can automatically sign you in by using saved credentials. To ensure that the browser does not automatically sign you in to the wrong account, you can turn off any automatic sign-in option or clear your saved credentials. Alternatively, you can prevent the browser from using saved credentials by opening the Cloud Management Console in an incognito window.

Connect SSPM to Your Bitbucket Instance

By adding a Bitbucket app in SSPM, you enable SSPM to connect to your Bitbucket instance. You must consent to specific permissions when adding the Bitbucket app.
  1. From the Add Application Page (Posture SecurityApplicationsAdd Application), click the Bitbucket tile.
  2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
    SSPM redirects you to the Bitbucket login page.
  3. Enter the credentials for the administrator account that you identified earlier, and log in to Bitbucket.
    Bitbucket displays a consent form that details the access permissions that SSPM requires.
  4. Review the consent form and allow access.