Bitbucket Pipeline

Last updated 6 months ago

Was this helpful?

Bitbucket Pipeline

Mobb can be integrated into any CI/CD platform of your choice. This guide will demonstrate the integration process with Bitbucket Pipeline.

Setting up environment variables

In your bitbucket environment, first go to your repository, followed by Repository Settings -> Repository Variables.

In this sample integration, we are using Snyk as our SAST tool, however, you may use any SAST report that Mobb supports. See system requirements for more details on the SAST tools Mobb support today.

Creating the Bitbucket Pipeline

The next step is to configure your Bitbucket Pipeline. To create a new pipeline, go to your repository and select Pipelines. Click Click Create your first pipeline to scroll down to the template section.

Click on Starter pipeline.

Insert the following YAML:

# Mobb/Snyk Fixer on pull requests in Bitbucket
# This pipeline defines the needed steps to run Snyk Code on every pull request and pass the results to Mobb Fixer.
#
# SNYK_API_TOKEN - your Snyk user credentials (find how to get it here: https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token)
# MOBB_API_TOKEN - your Mobb user credentials (automatically set if you forked this repo via the Mobb app)
# BITBUCKET_ACCESS_TOKEN- your Bitbucket Access Token (Ensure you have write access for repository)
image: node:18

pipelines:
  pull-requests:
    '**':
      - step:
          name: Scan with Snyk and Fix with Mobb Auto-PR
          caches:
            - node
          script:
            - npx snyk auth $SNYK_API_TOKEN
            - npx snyk code test --sarif-file-output=report.json || true
            - pipe: atlassian/bitbucket-upload-file:0.7.3
              variables:
                FILENAME: 'report.json'
                BITBUCKET_ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
          artifacts:
            - report.json
      - step:
          name: Run Mobb on the findings and get fixes
          script:
            - # Setting up the repoURL. Convert http to https
            - repoURL=$BITBUCKET_GIT_HTTP_ORIGIN
            - |
              if [[ $BITBUCKET_GIT_HTTP_ORIGIN =~ ^http:// ]]; then
                repoURL=${BITBUCKET_GIT_HTTP_ORIGIN/http:/https:}
              fi
              echo "repoURL: $repoURL"
            - mobbLink=$(npx mobbdev@latest analyze -f report.json -r $repoURL --ref $BITBUCKET_BRANCH --api-key $MOBB_API_TOKEN --ci)
            - echo "Mobblink:" $mobbLink
            - # Output the Mobb Link as a Report in the Bitbucket Pipeline
            - |
              curl --request PUT "https://api.bitbucket.org/2.0/repositories/$BITBUCKET_WORKSPACE/$BITBUCKET_REPO_SLUG/commit/$BITBUCKET_COMMIT/reports/mobb-001" \
              --header "Authorization: Bearer $BITBUCKET_ACCESS_TOKEN" \
              --header 'Content-Type: application/json' \
                --data-raw '{
                  "title": "Mobb Report",
                  "UUID": "73214fbb-5d24-4265-a311-50447c8a785d",
                  "details": "Click the link above to access the Mobb Link.",
                  "report_type": "SECURITY",
                  "reporter": "mobb",
                  "link": "'"$mobbLink"'",
                  "result": "PASSED",
                  "remote_link_enabled": true
                }'

You are now fully configured to run Snyk on every pull request and provide the SAST report to Mobb to generate fixes.

Viewing the Mobb Report Link

The YAML is configured to publish the Mobb report link to the Report section of your pipeline. To view your Mobb report link, first go to Pipelines. Look for the Reports link as shown:

After the Report list opens, look for Mobb report on the left hand side, then click on the Mobb Report link.

This will effectively take you to the relevant Mobb report which you can proceed to commit the fixes back into your Bitbucket repository.

PreviousBamboo NextAdministration