Bitbucket CI: PR Gating via Aikido Dashboard

You can configure Bitbucket PR Gating directly from the Aikido interface. This lets you block pull requests that introduce new issues at or above a severity threshold you choose. This doc focuses on managing configurations in bulk, for multiple repos at the same time, without writing any code.

Use Cases

  • Bulk Repository Management: Easily specify and manage configurations for multiple repositories at once through the Aikido interface.

  • Zero Code Integration: Install the Aikido app on Bitbucket to manage checks without embedding any code, simplifying the setup process.

  • Cost Efficiency: By managing Bitbucket Checks through Aikido, avoid using CI minutes on Bitbucket, leading to significant cost savings.

Setting up Bitbucket CI

Step 1. Go to the Integrations Page and select Bitbucket Pipes in the CI gating section.

[Screenshot: CI integration options for blocking risky code merges across popular platforms.]

Step 2 (optional). Select PR Gating Configuration Via Aikido Dashboard in the modal that pops up. This opens a new tab in Bitbucket to install the PR Checks App. Note: this modal only pops up if you have already used Bitbucket Pipelines in code.

[Screenshot: Select a PR gating method for Bitbucket: dashboard or Bitbucket Pipelines.]

Step 3. Consent to the Aikido PR Checks OAuth app in Bitbucket.

[Screenshot: Aikido Security PR Checks requests repository and webhook access; the user is prompted to grant permission.]

Step 4. Aikido redirects you to the Bitbucket CI page with an overview of your repos, where you can start configuring them. We recommend starting with a single repo to make sure everything works as expected before rolling out in bulk.

Step 5. Select repos in bulk and click the Setup PR Scans button in the floating bulk actions bar at the bottom.

Step 6. This opens the modal where you choose the severity level at which the check fails and the scans you want to run.

[Screenshot: Repository security scan settings configuration panel for the about-github project.]

If you've added new repositories after the initial setup, you'll need to configure those repos as well.

From now on, for every new and updated pull request, Aikido creates a build status on the PR showing the outcome of the scan; it is visible in the "builds" section next to the other pipeline statuses. When issues are found, Aikido posts a comment on the PR diff for SAST and leaked secret issues.
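The gating semantics described above, as an added Python illustration (this is not Aikido's code; the finding fields, the severity scale, the set of scan names and the sample findings are constructed assumptions): a finding blocks the PR only when it is new relative to the target branch, comes from a scan you enabled, and meets the failure threshold chosen in Step 6. Diff comments are produced only for the SAST and secrets categories, matching the behaviour the doc describes.

```python
from dataclasses import dataclass

# Assumed severity scale; higher rank means more severe.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Scan categories that get an inline comment on the PR diff (per the doc).
DIFF_COMMENT_SCANS = {"sast", "secrets"}


@dataclass(frozen=True)
class Finding:
    """One scanner result. Field names are assumptions for this example."""
    scan: str      # "sast", "secrets" or "dependencies"
    rule: str      # scanner rule identifier
    path: str      # file the finding points at
    severity: str  # key of SEVERITY_RANK


def new_findings(base, head):
    """Findings present on the PR head but absent on the target branch."""
    baseline = set(base)
    return [f for f in head if f not in baseline]


def evaluate_gate(base, head, fail_at, enabled_scans):
    """Return (build_status, blocking_findings, diff_comments).

    build_status uses the Bitbucket commit-status vocabulary
    ("SUCCESSFUL" / "FAILED"); blocking_findings are the new findings from
    enabled scans whose severity is at or above the fail_at threshold.
    """
    threshold = SEVERITY_RANK[fail_at]
    candidates = [f for f in new_findings(base, head) if f.scan in enabled_scans]
    blocking = [f for f in candidates if SEVERITY_RANK[f.severity] >= threshold]
    status = "FAILED" if blocking else "SUCCESSFUL"
    comments = [
        f"{f.path}: {f.rule} ({f.severity})"
        for f in blocking
        if f.scan in DIFF_COMMENT_SCANS
    ]
    return status, blocking, comments


# Constructed sample data: one pre-existing SAST finding on the target
# branch, plus two findings introduced by the pull request.
BASE_FINDINGS = [
    Finding("sast", "sql-injection", "app/db.py", "high"),
]
HEAD_FINDINGS = BASE_FINDINGS + [
    Finding("secrets", "cloud-access-key", "config/settings.py", "critical"),
    Finding("dependencies", "outdated-package", "requirements.txt", "medium"),
]


if __name__ == "__main__":
    status, blocking, comments = evaluate_gate(
        BASE_FINDINGS, HEAD_FINDINGS, "high", {"sast", "secrets", "dependencies"}
    )
    print("build status:", status)
    for line in comments:
        print("diff comment:", line)
```

Note that the pre-existing SAST finding never counts against the PR, which is why a repo with an existing backlog can still adopt gating without every PR failing; only what the PR adds is judged.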

[Screenshot: example PR with a failed build status from Aikido.]

Adding Exceptions for specific repos

You might have one specific repo whose configuration should differ slightly. You can add exceptions by clicking the triple dots on a repo item, or by selecting one or more repos and going through the Configure Scans process again.

[Screenshot: Security scan configuration dashboard for repositories, showing severity and scan status by category.]
