Threatrix Documentation
Threatrix
  • Getting Started
  • Developer Quick Start
  • SecureShip
    • Artifactory Scanning
    • ThreatAgent Scanning
  • Threat Center
    • Creating Account
      • OAuth Login
    • Entity Dashboard
    • User Profile
  • AICertify
    • Reviewing Results
  • codecertify
    • Quick Start
    • Project Summary Tab
    • Components Tab
      • Custom Components
        • Adding
        • Editing
        • Important Notes
      • Header Panel
      • Module Tree Panel
      • Results Panel
        • Card View
        • Risk Graph View
      • Audit History
    • Assets Tab
      • Custom Asset Matches
        • Adding Asset Match
  • securecore
    • Project Dashboard
    • ThreatScan
    • Scan Results
  • Threat Agent
    • Threat Agent Overview
    • Threat Agent - Installation & Scanning
    • Scan Summary Reports
    • Resolving Errors
    • Scanning Container Images
  • Integrations
    • Dependency Managers
      • RENV
    • Build Integrations
      • AWS CodeBuild
      • Azure DevOps
      • Bitbucket Pipeline
      • CircleCI
      • GitHub Action
      • GitLab Pipeline
      • Jenkins Pipeline
    • SCM Integrations
      • GitLab
      • Bitbucket
    • Issue Management
      • Jira
    • Notifications
  • Policy Management
    • Policy Overview
    • Creating Policies
    • Policy Conditions
    • Policy Actions
    • Policy Scopes
  • Administration
    • User Management
    • Organization Settings
      • Organization Knowledge Base
      • Integration
        • Slack Integration
        • Jira Integration
        • Service Keys
    • RBAC
    • Entity Management
    • Okta
      • Okta Org2Org Integration
  • GraphQL API
    • API Overview
  • Resources
    • Dependency Managers
      • PIP
    • Dictionary
    • Licenses
    • Security & Privacy
    • Binary File Support
  • Hybrid / On Premise
    • Getting Started
    • Installation
    • Upgrade
    • Setup
    • Cloud Data Disclosure
    • Troubleshooting
Powered by GitBook
On this page
  • Common Build Integration Documentation
  • Environment Variables
  • Install Environment Variables
  • Add ThreatAgent to your build step
  • Option 1: Add Docker Threat Agent Step to Build
  • Option 2: Add Docker Threat Agent Step to Build

Was this helpful?

  1. Integrations
  2. Build Integrations

Bitbucket Pipeline

PreviousAzure DevOpsNextCircleCI

Last updated 11 months ago

Was this helpful?

Common Build Integration Documentation

This documentation is specific to Gitlab. documentation should be reviewed before proceeding further.

Environment Variables

Environment variable values can be found in your .

  • THREATRIX_OID - Your organization ID.

  • THREATRIX_EID - Your entityID (if you wish to override your default).

  • THREATRIX_API_KEY - Personal or organization API key.

Install Environment Variables

This step may require administrative privileges within Gitlab

  1. From your avatar in the bottom left, select a workspace.

  2. Select Settings on the left navigation sidebar to open your Workspace settings.

  3. In the menu on the left, go to Pipelines > Workspace variables.

  • Workspaces variables can be overridden by repository variables.

  • Workspace variables can be accessed by all users with the write permission for any repository (private or public) that belongs to the team or account.

  • You must be an administrator of a workspace or a repository to manage variables respectively.

Click "Add Variable" to add THREATRIX_OID and THREATRIX_API_KEY and optionally, a THREATRIX_EID for which the API key has permissions to create projects.

Add ThreatAgent to your build step

You have two options to add Threatrix TheatAgent to your build step.

1) Using our ThreatAgent CLI directly. This is the best option if you already have Java installed on your build server or you have a complex build environment

2) Use our Dockerized agent.

Option 1: Add Docker Threat Agent Step to Build

In Bitbucket, in your repository you wish you run your scan, create a bitbucket-pipelines.yml file and add the following contents.

- step:
  name: ThreatScan
  script:
    - curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-v2.1.2.jar
    - java -jar threat-agent-v2.1.2.jar 

Option 2: Add Docker Threat Agent Step to Build

In Bitbucket, in your repository you wish you run your scan, create a bitbucket-pipelines.yml file and add the following contents.

- step:
  caches:
    - docker
  name: ThreatScan
  script:
    - printenv > host.env
    - docker run -v $(pwd):/app --env-file=host.env threatrix/threat-agent ./
Common build server
user profile
https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/#User-defined-variables