# Bitbucket Pipeline

### Common Build Integration Documentation

This documentation is specific to Gitlab. [Common build server](https://docs.threatrix.io/integrations/build-integrations) documentation should be reviewed before proceeding further.&#x20;

### Environment Variables

Environment variable values can be found in your [user profile](https://docs.threatrix.io/threat-center-1/user-profile).

* THREATRIX\_OID - Your organization ID.
* THREATRIX\_EID - Your entityID (if you wish to override your default).
* THREATRIX\_API\_KEY - Personal or organization API key.

### Install Environment Variables

{% hint style="warning" %}
This step may require administrative privileges within Gitlab
{% endhint %}

<https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/#User-defined-variables>

1. From your avatar in the bottom left, select a workspace.
2. Select **Settings** on the left navigation sidebar to open your Workspace settings.
3. In the menu on the left, go to  **Pipelines** > **Workspace variables**.

* Workspaces variables can be overridden by repository variables.
* Workspace variables can be accessed by all users with the *write* permission for any repository (private or public) that belongs to the team or account.
* You must be an administrator of a workspace or a repository to manage variables respectively.

Click "Add Variable" to add THREATRIX\_OID and THREATRIX\_API\_KEY and optionally, a THREATRIX\_EID for which the API key has permissions to create projects.

![](https://3093892275-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbsieSiu0D66DBFP4uh%2Fuploads%2Frsl9rDySGjNaqm4PGYQX%2Fimage.png?alt=media\&token=d3cb5335-ae23-4027-8623-7ea3c0c83f91)

### Add ThreatAgent to your build step

You have two options to add Threatrix TheatAgent to your build step.&#x20;

1\) Using our ThreatAgent CLI directly. This is the best option if you already have Java installed on your build server or you have a complex build environment

2\) Use our Dockerized agent.

### Option 1: Add Docker Threat Agent Step to Build

In Bitbucket, in your repository you wish you run your scan, create a bitbucket-pipelines.yml `file` and add the following contents.

```
- step:
  name: ThreatScan
  script:
    - curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-v2.1.2.jar
    - java -jar threat-agent-v2.1.2.jar 
```

### Option 2: Add Docker Threat Agent Step to Build

In Bitbucket, in your repository you wish you run your scan, create a bitbucket-pipelines.yml `file` and add the following contents.

```
- step:
  caches:
    - docker
  name: ThreatScan
  script:
    - printenv > host.env
    - docker run -v $(pwd):/app --env-file=host.env threatrix/threat-agent ./
```