Bitbucket pipelines
Prelude
GitGuardian CI/CD integration with Bitbucket pipeline is performed through our CLI application: ggshield
.
ggshield
is a wrapper around the GitGuardian API for secrets detection, an API key is required for authentication.
⚠ Bitbucket pipelines do not support commit ranges therefore only your latest commit in a pushed group or in a new branch will be scanned.
Preview
Installation
Service accounts are recommended to run this integration.
Please note that service accounts are only available for workspaces under our Business plan, and their administration is restricted to Managers. If your workspace is under the Free plan, you can still use a personal access token to run this integration.
- Create a service account from the API section of your GitGuardian workspace (or a personal access token if you are on the Free plan).
- Add this API key to the
GITGUARDIAN_API_KEY
environment variable in your project settings.
- Add a new step using ggshield to your Bitbucket repository's pipeline.
stages:
- scanning
gitguardian scan:
image: gitguardian/ggshield:latest
stage: scanning
script: ggshield secret scan ci
You may be interested in using GitGuardian's Bitbucket integration to ensure full coverage of your Bitbucket repositories as well as full git history scans and reporting.