Skip to main content
With the Bitbucket integration, you can connect your repositories to Plerion Code Security. This enables automatic scanning for IaC and SCA issues, giving developers early feedback and helping teams resolve issues before they reach production.

Steps to integrate Bitbucket with Plerion

1

On the Plerion dashboard, go to Settings > Integrations

Plerion dashboard showing Settings expanded with Integrations selected
2

Find Bitbucket and click the + button

Add a Bitbucket integration
3

Click on Install and review the permissions

Install Bitbucket app option in Plerion
4

After installation, you will be redirected to the Plerion platform

Plerion integration page showing Bitbucket connected

Configuring your Bitbucket integration

Once installed, you can configure the Bitbucket integration to suit your workflows. These options control which workspaces are scanned, when and how scans run, how issues are handled, and what rules apply.

Bitbucket workspaces

Selects which Bitbucket workspaces to scan.
  • Default: All

Bitbucket code scanning

Controls whether Plerion Code Security is active.
  • Default: Enabled
  • When disabled: Pauses all scanning activities, including scheduled and pull request scans
  • Recommendation: Keep enabled unless there is a specific need to pause
Integration status toggle in Plerion

Scheduled scans

Runs automatic daily scans of your main branches.
  • Default: Enabled
  • Purpose: Ensures continuous monitoring of production-ready code
  • Key points:
    • No manual input required
    • Helps identify risks over time
    • Best for stable branches
Scheduled scans configuration in Plerion

Pull request scanning

Scans code in new and updated pull requests.
  • Default: Enabled
  • What it does:
    • Scans only changes in the pull request
    • Posts findings as comments in Bitbucket
    • Uses Bitbucket status checks to block insecure merges
  • Supported file types: YAML, Terraform, JSON, and other IaC files
  • Why it matters: Prevents vulnerabilities from merging, encourages secure practices, and improves developer awareness
Pull request scanning configuration in Plerion

Tolerance for blocking pull requests

Controls when pull requests are blocked based on severity.
  • Default: Do not block pull requests
  • Options:
    • Only block for critical findings
    • Block for high and critical findings
    • Block for medium and above findings
    • Block for any finding
    • Do not block pull requests
  • Best use: Choose based on your team’s risk tolerance, development velocity, and compliance needs
Tolerance configuration options in Plerion

Profile

Defines which detection rules are used during scans.
  • Default: Organization’s default profile
  • Options: Use an existing profile or create a new one
  • Where to manage: Detection Settings
  • Best use: Align with coding standards, risk tolerance, and compliance needs
Profile selection in Plerion Bitbucket integration

Best practices

  • Keep the integration enabled for continuous coverage
  • Use scheduled scans to secure long-term branches
  • Enable PR scanning to prevent insecure code from merging
  • Set PR blocking tolerance based on your security posture
  • Select a detection profile that matches your organization’s needs
I