Mobb User Docs
Bitbucket Pipeline
Last updated 6 months ago
Mobb can be integrated into any CI/CD platform of your choice. This guide will demonstrate the integration process with Bitbucket Pipeline.

Setting up environment variables

In your Bitbucket environment, first go to your repository, then Repository Settings -> Repository Variables, and add the three variables the pipeline references (SNYK_API_TOKEN, MOBB_API_TOKEN and BITBUCKET_ACCESS_TOKEN). Mark each of them as Secured so the value is masked in pipeline logs.

In this sample integration, we are using Snyk as our SAST tool; however, you may use any SAST report that Mobb supports. See the System Requirements page for more details on the SAST tools Mobb supports today.

Creating the Bitbucket Pipeline

The next step is to configure your Bitbucket Pipeline. To create a new pipeline, go to your repository and select Pipelines. Click Create your first pipeline to scroll down to the template section.

Click on Starter pipeline.

Insert the following YAML (it expects the three repository variables SNYK_API_TOKEN, MOBB_API_TOKEN and BITBUCKET_ACCESS_TOKEN to be set):

# Mobb/Snyk Fixer on pull requests in Bitbucket
# This pipeline defines the steps needed to run Snyk Code on every pull request and pass the results to Mobb Fixer.
#
# SNYK_API_TOKEN - your Snyk user credentials (find how to get it here: https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token)
# MOBB_API_TOKEN - your Mobb user credentials (automatically set if you forked this repo via the Mobb app)
# BITBUCKET_ACCESS_TOKEN - your Bitbucket Access Token (ensure it has write access to the repository)
image: node:18

pipelines:
  pull-requests:
    '**':
      - step:
          name: Scan with Snyk and Fix with Mobb Auto-PR
          caches:
            - node
          script:
            - npx snyk auth $SNYK_API_TOKEN
            # Snyk exits non-zero when it finds issues; keep going, the SARIF report is still written
            - npx snyk code test --sarif-file-output=report.json || true
            - pipe: atlassian/bitbucket-upload-file:0.7.3
              variables:
                FILENAME: 'report.json'
                BITBUCKET_ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
          artifacts:
            - report.json
      - step:
          name: Run Mobb on the findings and get fixes
          script:
            # Set up the repoURL. Convert http to https
            - repoURL=$BITBUCKET_GIT_HTTP_ORIGIN
            - |
              if [[ $BITBUCKET_GIT_HTTP_ORIGIN =~ ^http:// ]]; then
                repoURL=${BITBUCKET_GIT_HTTP_ORIGIN/http:/https:}
              fi
              echo "repoURL: $repoURL"
            - mobbLink=$(npx mobbdev@latest analyze -f report.json -r "$repoURL" --ref "$BITBUCKET_BRANCH" --api-key "$MOBB_API_TOKEN" --ci)
            - echo "Mobblink:" "$mobbLink"
            # Output the Mobb Link as a Report in the Bitbucket Pipeline
            - |
              curl --request PUT "https://api.bitbucket.org/2.0/repositories/$BITBUCKET_WORKSPACE/$BITBUCKET_REPO_SLUG/commit/$BITBUCKET_COMMIT/reports/mobb-001" \
                --header "Authorization: Bearer $BITBUCKET_ACCESS_TOKEN" \
                --header 'Content-Type: application/json' \
                --data-raw '{
                  "title": "Mobb Report",
                  "UUID": "73214fbb-5d24-4265-a311-50447c8a785d",
                  "details": "Click the link above to access the Mobb Link.",
                  "report_type": "SECURITY",
                  "reporter": "mobb",
                  "link": "'"$mobbLink"'",
                  "result": "PASSED",
                  "remote_link_enabled": true
                }'

You are now fully configured to run Snyk on every pull request and provide the SAST report to Mobb to generate fixes.
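As an added illustration (not part of the Mobb documentation or of the pipeline above), the POSIX shell functions below factor out the two pieces of the second step that are easiest to get wrong: normalizing the clone origin to https and building the Bitbucket report payload. They add the check a practitioner wants in place: if the analyze command produced no link, or something that is not an https URL, the report is not published as PASSED, and the PUT uses --fail so a rejected request fails the step instead of passing silently. The function names, the sample URLs and the MOBB_REPORT_UUID variable are assumptions; the report fields and the default UUID are the ones used in the YAML above.

```shell
#!/bin/sh
# Added example, not Mobb's own code. Function names, sample URLs and
# MOBB_REPORT_UUID are illustrative; report fields mirror the pipeline YAML.

# Default to the report UUID used in the pipeline above; override via env if desired.
MOBB_REPORT_UUID=${MOBB_REPORT_UUID:-73214fbb-5d24-4265-a311-50447c8a785d}

# Bitbucket exposes the clone URL as http://...; Mobb needs the https form.
# Prints the normalized URL, or fails for anything that is not an http(s) URL
# (an ssh origin, for instance, would otherwise be passed through unchanged).
normalize_repo_url() {
  nru_url=$1
  case "$nru_url" in
    http://*)  printf '%s\n' "https://${nru_url#http://}" ;;
    https://*) printf '%s\n' "$nru_url" ;;
    *)         printf 'not an http(s) origin: %s\n' "$nru_url" >&2; return 1 ;;
  esac
}

# Builds the JSON body for the Bitbucket report. Refuses an empty or non-https
# link so a failed analyze run is never published as a PASSED security report,
# and rejects quote/backslash characters that would break the JSON string.
build_report_payload() {
  brp_link=$1
  brp_result=${2:-PASSED}
  if [ -z "$brp_link" ]; then
    printf 'mobb link is empty; refusing to publish report\n' >&2
    return 1
  fi
  case "$brp_link" in
    https://*) ;;
    *) printf 'mobb link must be an https URL: %s\n' "$brp_link" >&2; return 1 ;;
  esac
  case "$brp_link" in
    *'"'*|*'\'*) printf 'unexpected characters in mobb link\n' >&2; return 1 ;;
  esac
  case "$brp_result" in
    PASSED|FAILED) ;;
    *) printf 'result must be PASSED or FAILED\n' >&2; return 1 ;;
  esac
  printf '{"title":"Mobb Report","UUID":"%s","details":"Click the link above to access the Mobb Link.","report_type":"SECURITY","reporter":"mobb","link":"%s","result":"%s","remote_link_enabled":true}\n' \
    "$MOBB_REPORT_UUID" "$brp_link" "$brp_result"
}

# Publishes the report. --fail makes a rejected PUT fail the step.
# Needs BITBUCKET_WORKSPACE, BITBUCKET_REPO_SLUG, BITBUCKET_COMMIT (provided by
# Bitbucket Pipelines) and BITBUCKET_ACCESS_TOKEN (a repository variable).
publish_report() {
  pr_link=$1
  pr_body=$(build_report_payload "$pr_link" "${2:-PASSED}") || return 1
  curl --fail --silent --show-error --request PUT \
    "https://api.bitbucket.org/2.0/repositories/$BITBUCKET_WORKSPACE/$BITBUCKET_REPO_SLUG/commit/$BITBUCKET_COMMIT/reports/mobb-001" \
    --header "Authorization: Bearer $BITBUCKET_ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data-raw "$pr_body"
}

# Usage inside the second pipeline step (network calls happen only here):
#   repoURL=$(normalize_repo_url "$BITBUCKET_GIT_HTTP_ORIGIN") || exit 1
#   mobbLink=$(npx mobbdev@latest analyze -f report.json -r "$repoURL" --ref "$BITBUCKET_BRANCH" --api-key "$MOBB_API_TOKEN" --ci)
#   publish_report "$mobbLink" PASSED
```

Sourcing this file from the step's script and calling the three functions keeps the step's shell logic testable outside Bitbucket: the two pure functions can be exercised locally with constructed URLs, and only publish_report touches the network.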

Viewing the Mobb Report Link

The YAML is configured to publish the Mobb report link to the Reports section of your pipeline. To view your Mobb report link, first go to Pipelines and look for the Reports link as shown:

After the Reports list opens, look for Mobb Report on the left-hand side, then click the Mobb Report link.

This takes you to the relevant Mobb report, from which you can commit the fixes back into your Bitbucket repository.

The three repository variables referenced by the pipeline are:

SNYK_API_TOKEN - Snyk's API token. See https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token for how to generate one.

MOBB_API_TOKEN - Mobb's API token. See the Access Tokens page of these docs for how to generate one.

BITBUCKET_ACCESS_TOKEN - Your Bitbucket access token. See Bitbucket's documentation for how to generate one. Ensure it has at least repository: write access.