Bitbucket discovery

Overview

Twigs can discover all repositories in your enterprise Bitbucket account as assets. This can be used for self-hosted Bitbucket instances as well. The discovery of repositories works exactly like a regular git repository (“repo” mode in twigs). All options associated with the “repo” mode such as SAST checks, IaC checks, secrets scans etc. will work for Bitbucket discovery as well. Please refer to the documentation for repo mode for more details.

Authentication with Bitbucket

The supported authentication mode is Bitbucket app passwords. Refer to the Bitbucket documentation for creating and managing app passwords.

The following CLI switches are important for authentication with Bitbucket:

  • --bb_user Refers to a Bitbucket user name.
  • --bb_app_password Refers to the app password associated with the user name. The app password must have the permissions needed to read repositories and their associated metadata.
  • --bb_repo_url Refers to the API URL corresponding to your Bitbucket workspace. It should look like https://api.bitbucket.org/2.0/repositories/<your workspace name>/

Prerequisites

Requirements for this mode are the same as “repo” mode in twigs. Please refer to the documentation for repo mode for more details.

Steps

  • You can run the command as below:

twigs bitbucket (--bb_user {user name} --bb_app_password {app password} --bb_repo_url {API url for your workspace}) [other twigs options for repo mode]

After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered assets from your Bitbucket account.

Example

$ twigs bitbucket --bb_user 'bb_user_name' --bb_app_password 'bb_user_app_password' --bb_repo_url 'https://api.bitbucket.org/2.0/repositories/my_bb_workspace'

Discover the repositories in the specified Bitbucket workspace as assets in ThreatWorx.
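The wrapper below is an added example, not part of twigs or its documentation. It checks that the workspace URL uses https and, for Bitbucket Cloud, has the shape documented above before the app password is sent to it, and it takes the credentials from environment variables instead of a typed command line. The variable names BB_USER, BB_APP_PASSWORD and BB_REPO_URL and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of twigs. BB_USER, BB_APP_PASSWORD and BB_REPO_URL are
# environment variable names chosen here; twigs only receives the --bb_* switches.

# Succeeds if the URL is fit to receive the app password.
check_bb_repo_url() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "bb_repo_url must use https" >&2; return 1 ;;
    esac
    # Rejects whitespace, query strings and user:pass@ embedded in the URL.
    case $url in
        *[!A-Za-z0-9._~:/_-]*) echo "unexpected character in bb_repo_url" >&2; return 1 ;;
    esac
    rest=${url#https://}
    host=${rest%%/*}
    [ -n "$host" ] || { echo "bb_repo_url has no host" >&2; return 1; }
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path=/ ;;
    esac
    # Bitbucket Cloud: enforce the documented /2.0/repositories/<workspace>/ shape.
    # Other hosts (self-hosted instances) only get the checks above.
    if [ "$host" = "api.bitbucket.org" ]; then
        ws=${path#/2.0/repositories/}
        if [ "$ws" = "$path" ]; then
            echo "expected /2.0/repositories/<workspace>/" >&2; return 1
        fi
        ws=${ws%/}
        case $ws in
            ''|*/*) echo "expected exactly one workspace name" >&2; return 1 ;;
        esac
    fi
    return 0
}

run_twigs_bitbucket() {
    if [ -z "${BB_USER:-}" ] || [ -z "${BB_APP_PASSWORD:-}" ] || [ -z "${BB_REPO_URL:-}" ]; then
        echo "set BB_USER, BB_APP_PASSWORD and BB_REPO_URL first" >&2; return 1
    fi
    check_bb_repo_url "$BB_REPO_URL" || return 1
    # The password is still a process argument of twigs; the variable only keeps
    # it out of shell history and out of scripts committed to a repository.
    twigs bitbucket --bb_user "$BB_USER" --bb_app_password "$BB_APP_PASSWORD" \
        --bb_repo_url "$BB_REPO_URL" "$@"
}
```

After exporting the three variables (for example from a CI secret store), call run_twigs_bitbucket followed by any repo mode options; they are passed through to twigs unchanged.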