

Bitbucket integration
DevOps & CI/CD
Bitbucket is where a lot of Atlassian-shop teams keep their code and run their CI through Bitbucket Pipelines — and it's also the system of record for where deployable assets come from. The FortWatch Bitbucket integration (currently in development) will connect your external attack surface findings to the place your developers already work, turning an exposed Redis port or an expiring TLS certificate into a Bitbucket-native signal — a pull request annotation, a Code Insights report, or a tracked work item — instead of yet another dashboard to remember to check.


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →

Bitbucket + FortWatch
FortWatch will connect to Bitbucket Cloud through an Atlassian Connect/Forge app authorized with OAuth, scoped to the workspaces and repositories you choose. Inbound, FortWatch subscribes to repository and pull-request webhooks so a merge or deploy can trigger or refresh a scan of the affected public assets. Outbound, when a scan detects a new exposure FortWatch uses Bitbucket's REST and Code Insights APIs to post results where developers see them: a Code Insights report attached to the relevant commit or pull request, with per-line annotations when a finding maps to a tracked file (for example an exposed .env or a hard-coded endpoint), plus a build status that can gate the PR. For teams that prefer CI-driven checks, a FortWatch pipe for bitbucket-pipelines.yml will let you run a scan as a pipeline step and fail the build above a severity threshold you set. Because FortWatch is an external scanner, it reports on your live internet-facing assets — it does not push code, read source beyond the metadata Bitbucket exposes, or alter your repositories.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to Bitbucket
The finding lands in Bitbucket, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the Bitbucket integration will bring to your security workflow.
- Gate pull requests: attach a FortWatch Code Insights report and build status to a PR so a critical exposure blocks merge until it is acknowledged or fixed.
- CI security step: add the FortWatch pipe to bitbucket-pipelines.yml and fail the build when a scan returns findings above your severity threshold (e.g. any critical or high).
- PR annotations on real artifacts: when a finding maps to a file in the repo (an exposed .env, a public bucket reference, a hard-coded internal host), surface it as an inline annotation on the diff.
- Trigger scans on deploy: use Bitbucket deployment or merge webhooks to kick off a fresh external scan of the assets that just changed.
- Atlassian-native workflow: pair with the FortWatch Jira integration so a Bitbucket-surfaced finding becomes a tracked, assignable Jira issue in the same toolchain.
- Per-repo asset mapping: associate a repository or workspace with the domains and IPs it deploys, so findings land on the right PRs and the right teams.
What an alert looks like
Every finding arrives formatted for Bitbucket — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
Bitbucket
FortWatch · Code Insights report on PR #482 (cache-service → main)
Result: FAILED · 1 critical, 0 high

[CRITICAL] Exposed Redis on 203.0.113.10:6379
Unauthenticated Redis is reachable from the internet — anyone can read, flush, or pivot from this host.
Asset: cache-prod-1 · First seen: this scan
Annotation: infra/redis.tf:23 — bind set to 0.0.0.0, no auth

Merge blocked until acknowledged. → Open finding & step-by-step fix in FortWatch
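How a scanner could turn findings like the alert shown above into a Code Insights report body and inline annotations, with a severity threshold deciding PASSED or FAILED. This is an added example, not FortWatch's code: the payload field names follow Bitbucket Cloud's Code Insights API, while the finding schema, the sample findings and the helper names are hypothetical.

```python
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample findings; the dict layout is a hypothetical schema.
FINDINGS = [
    {"id": "fw-0001", "severity": "CRITICAL",
     "title": "Exposed Redis on 203.0.113.10:6379",
     "detail": "Unauthenticated Redis is reachable from the internet.",
     "path": "infra/redis.tf", "line": 23},
    {"id": "fw-0002", "severity": "LOW",
     "title": "TLS certificate close to expiry",
     "detail": "Renew the certificate before it lapses.",
     "path": None, "line": None},
]

def norm(severity):
    """Fail closed: an unrecognised finding severity is gated as CRITICAL."""
    s = str(severity).upper()
    return s if s in SEVERITY_RANK else "CRITICAL"

def blocking(findings, threshold):
    """Findings at or above the threshold; a mistyped threshold raises KeyError."""
    floor = SEVERITY_RANK[threshold.upper()]
    return [f for f in findings if SEVERITY_RANK[norm(f["severity"])] >= floor]

def build_report(findings, threshold="HIGH"):
    """Report body to attach to the pull request's head commit."""
    hits = blocking(findings, threshold)
    return {
        "title": "FortWatch external exposure scan",
        "report_type": "SECURITY",
        "reporter": "FortWatch",
        "result": "FAILED" if hits else "PASSED",
        "details": f"{len(hits)} finding(s) at or above {threshold.upper()}.",
        "data": [{"title": s.title(), "type": "NUMBER",
                  "value": sum(norm(f["severity"]) == s for f in findings)}
                 for s in ("CRITICAL", "HIGH")],
    }

def build_annotations(findings):
    """Only findings that map to a tracked file become inline annotations."""
    out = []
    for f in findings:
        if not f.get("path"):
            continue  # no file mapping: the finding stays in the report only
        ann = {"external_id": f["id"], "annotation_type": "VULNERABILITY",
               "severity": norm(f["severity"]), "path": f["path"],
               "summary": f["title"], "details": f["detail"]}
        if f.get("line"):
            ann["line"] = f["line"]
        out.append(ann)
    return out
```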
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect Bitbucket and choose where alerts go.
When it launches, install the FortWatch app from the Atlassian Marketplace and authorize it for the Bitbucket workspaces you want to monitor.
Pick the repositories to connect and map each one to the domains and IPs it deploys, so findings land on the right pull requests.
Choose how findings appear: Code Insights reports and PR build status, inline annotations, or both — and set the severity threshold that fails a check.
Optional: add the FortWatch pipe to your bitbucket-pipelines.yml to run a scan as a CI step on every build or deployment.
Run a test scan, confirm the report and annotations render on a sample PR, then switch it on for the workspace.

Why route FortWatch into Bitbucket?
External exposures are usually introduced by a code or infrastructure change, so the fastest place to catch them is the pull request that shipped them. Wiring FortWatch into Bitbucket puts findings in front of developers at the moment of change — as a check they have to look at, not an alert they can ignore — and keeps your security signal inside the Atlassian toolchain your team already runs on.
Frequently asked questions
Is the Bitbucket integration available yet?
Not yet — it is in active development. Add your email on this page and we will notify you the moment it ships.
Does FortWatch read or change my source code?
No. FortWatch is an external scanner that tests your live internet-facing assets. The Bitbucket integration only reads the repository and PR metadata Bitbucket exposes and writes results back as Code Insights reports, annotations, and build statuses — it never pushes commits or modifies your code.
Will it support Bitbucket Pipelines and self-hosted Bitbucket?
Yes to Pipelines — a FortWatch pipe for bitbucket-pipelines.yml is part of the planned launch. Initial support targets Bitbucket Cloud via the Atlassian Connect/Forge app; Bitbucket Data Center (self-hosted) support is on the roadmap after Cloud ships.
Want the Bitbucket integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.





