- Ensure requirements are satisfied on linux system, especially docker support and https inbound / outbound connectivity
- Download / clone the ThreatWorx Bitbucket App repository
git clone https://github.com/threatworx/bitbucket_app.git
- Run the setup.sh script to create self signed certificates
cd bitbucket_app ./setup.sh
If you have ssl certificates, copy them to the
configdirectory and edit theuwsgi.inito use your certificates
[uwsgi] ... https = =0,/opt/tw_bitbucket_app/config/my.cert,/opt/tw_bitbucket_app/config/my.key,... ...
- Start the app service by running the
docker composeor thedocker-composecommand
docker compose up -d
- Point a browser to
https://linux-systemto configure the app service
The browser will complain about the self signed certificate if are using one
Please be sure to replace it with an appropriate ssl certificate
- Provide required details of your ThreatWorx subscription on the form
- Provide Bitbucket access token
- Select required options for app service and click
Configure
These options can be changed later by editing the
./config/config.inifile
App will initially do a complete dependency vulnerability scan for all selected repositories
After that, any push will trigger a rescan of the change that is committed