
Bitbucket

The AISafe Bitbucket integration connects your Bitbucket Cloud workspaces to AISafe. It provides source access for code audits, automated PR security review, and finding-to-issue export.

How it works

AISafe connects to Bitbucket Cloud via OAuth 2.0. Authorizing the AISafe application gives AISafe read access to your repositories, so AISafe can clone source code for code audit assessments. The integration supports Bitbucket Cloud (bitbucket.org). AISafe does not support Bitbucket Server/Data Center.

If your Bitbucket account has access to multiple workspaces, AISafe asks you to select which workspace to connect after authorization. The connection activates once you choose a workspace.

Organization vs personal connections

  • Organization connections are visible to your entire AISafe organization. Org owners and admins manage them.
  • Personal connections are visible to you. All members can access them subject to your organization's policy.

Both types of connections appear in the same Available repositories list when creating a new assessment.

Connecting Bitbucket

  1. Navigate to Integrations in the AISafe dashboard.
  2. Under Organization Integrations (owners/admins only) or Personal Integrations, click Connect Bitbucket.
  3. Bitbucket redirects you to authorize AISafe. Grant access to the workspaces and repositories you want to scan.
  4. If you have access to multiple workspaces, select the one you want to connect.
  5. After authorization, your Bitbucket repositories appear in the Available repositories table alongside any GitHub or GitLab repositories.

Source access for code audits

For a code audit assessment against a connected Bitbucket repository, AISafe uses the OAuth token to clone the code. The token's scope covers the repositories you authorized, and AISafe uses it for the duration of the scan.

For public repositories, provide the URL. You do not need a Bitbucket connection.

PR review

Bitbucket repositories bound to a project support PR review. AISafe receives pull request webhooks and posts security review comments on the pull request, mirroring the GitHub and GitLab PR review flows.

Issue export

You can export findings as Bitbucket issues from the assessment findings page. Configure issue export on the per-assessment Settings page by selecting a Bitbucket connection and target repository.

Bitbucket Cloud repositories ship with issue tracking disabled by default. If the target repository does not have issues enabled, AISafe returns an error pointing you to the repository setting to turn it on. The issue body includes finding metadata (severity, CWE, links).

When separate scans rediscover a finding with the same non-empty root-cause fingerprint, AISafe reuses the existing Bitbucket issue for that target repository instead of creating another issue. Findings without a fingerprint keep per-finding issue export behavior.
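The export rules above, modeled as an added example (this is not AISafe's code): the issues-enabled precondition, reuse keyed on target repository plus non-empty fingerprint, and one issue per finding when there is no fingerprint. The class and field names, the in-memory store, and the sample findings are all assumptions made for illustration.

```python
# Added illustration, not AISafe's implementation; every name here is hypothetical.
from dataclasses import dataclass, field


class IssuesDisabledError(Exception):
    """The target repository has issue tracking turned off."""


@dataclass
class Finding:
    finding_id: str
    title: str
    severity: str
    cwe: str
    fingerprint: str = ""  # root-cause fingerprint; empty when there is none


@dataclass
class IssueExporter:
    issues_enabled: dict                                # repo -> bool (constructed state)
    by_fingerprint: dict = field(default_factory=dict)  # (repo, fingerprint) -> issue id
    issues: dict = field(default_factory=dict)          # issue id -> issue body

    def export(self, repo, finding):
        """Return (issue_id, created) for one finding exported to `repo`."""
        if not self.issues_enabled.get(repo, False):
            raise IssuesDisabledError(f"turn on issue tracking in the settings of {repo}")
        key = (repo, finding.fingerprint)
        # Reuse applies only to a non-empty fingerprint, and only within one target repo.
        if finding.fingerprint and key in self.by_fingerprint:
            return self.by_fingerprint[key], False
        issue_id = len(self.issues) + 1
        self.issues[issue_id] = (
            f"{finding.title}\nSeverity: {finding.severity}\nCWE: {finding.cwe}"
        )
        if finding.fingerprint:
            self.by_fingerprint[key] = issue_id
        return issue_id, True


def demo():
    """Two scans rediscover one root cause; two other findings have no fingerprint."""
    exporter = IssueExporter({"team/api": True, "team/legacy": False})  # constructed repos
    scan1 = Finding("f-1", "SQL injection in search", "high", "CWE-89", "fp-abc")
    scan2 = Finding("f-9", "SQL injection in search", "high", "CWE-89", "fp-abc")
    bare1 = Finding("f-2", "Verbose error page", "low", "CWE-209")
    bare2 = Finding("f-3", "Verbose error page", "low", "CWE-209")
    return [exporter.export("team/api", f) for f in (scan1, scan2, bare1, bare2)]


if __name__ == "__main__":
    print(demo())
```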

Limitations

  • Bitbucket Cloud only: AISafe does not support Bitbucket Server/Data Center.
  • Workspace selection required: if your account can access multiple workspaces, you must select one before repositories sync.
  • No label export: Bitbucket Cloud's issue API does not support portable labels, so the issue body encodes finding labels.