Bitbucket Self-Hosted
Notice
It is possible to add the Checkmarx One external IP addresses to the customer Firewall whitelist - For more information see Checkmarx One External IPs
In addition, if the code repository is not internet accessible, it is possible to configure the code repository IP address instead of its hostname during the initial integration with the code repository - as it is not resolved via DNS.
Overview
Checkmarx One supports Bitbucket integration, enabling automated scanning of your Bitbucket projects whenever the code is updated. Checkmarx One’s Bitbucket integration listens for Bitbucket commit events and uses a webhook to trigger Checkmarx scans when a push, or a pull request occurs. Once a scan is completed, the results can be viewed in Checkmarx One.
In addition, for pull requests, a comment is created in Bitbucket, which includes a scan summary, list of vulnerabilities and a link to view the scan results in Checkmarx One.
Notice
This integration supports both public and private git based repos.
The integration is done on a per project basis, with a specific Checkmarx One Project corresponding to a specific Bitbucket repo.
Notice
You can select several repos to create multiple integrations in a bulk action.
Prerequisites
The source code for your project is hosted on a Bitbucket repo.
You have a Checkmarx One account and have credentials to log in to your account.
The Bitbucket user has Admin privileges for this repository, see Bitbucket
To retrieve your Bitbucket Username & Token, perform the following steps:
In your Bitbucket account, click on your user > View Profile
Retrieve your Username.
To create a Token, click on your user > Manage account
Click on Personal access tokens
Click on Create a token
Setting up the Integration and Initiating a Scan
To integrate your self hosted (on-prem) Bitbucket organization with Checkmarx One, perform the following:
In the Applications and Projects home page, click on the
button and then select New Project - Code Repository Integration. 
The Import From window opens.
Select the Self-hosted → Bitbucket
Configure the following fields and click Next:
Domain Name or IP Address - Your Bitbucket Self-Managed domain.
For example: http://<domain name.com>/ or http://<IP address.com>/
Username - for more information see Retrieving Bitbucket Username & Token
Token - for more information see Retrieving Bitbucket Username & Token
Select the Bitbucket Organization or Group (for the requested repository) and click Select Organization
Click Back to return to the Select Service screen
Note
A separate Checkmarx One Project will be created for each repo that you import.
There can’t be more than one Checkmarx One Project per repo. Therefore, once a Project has been created for a repo, that repo is greyed out in the Import dialog.
In the Repositories Settings screen, perform the following and click Next
Click Back to return to the Select Repositories screen.
Select the scanners for All/Specific repositories.
Select which Protected Branches to scan for each Repository.
Note
For additional information about Protected Branches see About Protected Branches
It is possible to specify the Groups to which you would like to assign the Project.
You can also add Tags to the Project. Tags can be added as a simple strings or as key:value pairs
Select which Protected Branches to scan for each Repository and click Next
Click Back to return to the Repositories Settings screen.
Note
For additional information about Protected Branches see About Protected Branches
In the Advanced Options screen it is possible to select Scanning the default branch upon the creation of the Project
You also must select the default branch for the automatic scan, as Bitbucket doesn't have a default one.
Click Create Project
Click Back to return to the Select Branches screen.
The Project is successfully added to the Applications and Projects home page.
Note
In order to update the scanners see Imported Project Settings
