SafeDep now supports Bitbucket Cloud integration using Bitbucket Pipes. Using Pipes, SafeDep can be integrated into any Bitbucket CI/CD workflow.

Prerequisites

Bitbucket Account

Bitbucket account with access to your project

Repository

A source code repository to integrate SafeDep in pipelines.

Quick Start

1. Enable CI on Your Project

If you don’t already have a bitbucket-pipelines.yml, create one:

touch bitbucket-pipelines.yml

2. Add SafeDep to your pipeline

script:
  - pipe: safedep/vet-pipe:v1.0.0

That’s it. The default values will be used for dependency scanning. For policy customization and SafeDep Cloud integration, see the Inputs, Policy and Cloud Sync sections.

Inputs

vet-pipe accepts many inputs (aka variables) that you can specify when running the pipe.

Cloud Sync

Cloud Sync requires a subscription to SafeDep Cloud.
Cloud Sync synchronizes scan data and policy violations with SafeDep Cloud for centralized analysis, query and reporting. Set the following variables to enable cloud sync:
script:
  - pipe: safedep/vet-pipe:v1.0.0
    variables:
      CLOUD: true
      CLOUD_KEY: '--YOUR-SAFEDEP-API-KEY--'
      CLOUD_TENANT: '--YOUR-SAFEDEP-TENANT-ID--'

You can generate your CLOUD_KEY and CLOUD_TENANT values from https://app.safedep.io. To create them:
  • Sign up or log in at https://app.safedep.io
  • Create your Tenant
  • Go to Settings
  • Go to API Keys
  • Create an API Key

Policy Customization

Policy customization is optional; SafeDep Pipe comes with default policies.
Policy as Code treats security policies as configuration files that can be evaluated by tools to make runtime decisions. If you want to use your own policies, specify them with the POLICY variable. See Policy as Code for more details.

image: alpine:latest

pipelines:
  default:
    - step:
        name: "Run Vet Scan"
        script:
          - pipe: safedep/vet-pipe:v1.0.0
            variables:
              POLICY: "./safedep/policy.yml"

When a policy violation occurs, the pipeline fails. To override this, set SKIP_FILTER_CI_FAIL: "true" in variables; the step will then report violations without failing the pipeline.

Other Inputs

See the vet-pipe Bitbucket repo for more detail about other available inputs.

Artifact

Each vet execution produces a vet-report.json file, which is generated by applying the --report-json flag in the vet command. This file can be downloaded by setting the artifacts property in bitbucket-pipelines.yml:

- step:
    name: "Run Vet Scan"
    script:
      - pipe: safedep/vet-pipe:v1.0.0
    artifacts:
      - vet-report.json

This file will be available to download at Pipelines > Select a Pipeline > Artifacts in the Bitbucket UI.
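Putting the Cloud Sync, Policy Customization and Artifact sections together, here is an added example of a complete bitbucket-pipelines.yml (not from the SafeDep docs or the vet-pipe project). It assumes SAFEDEP_CLOUD_KEY and SAFEDEP_CLOUD_TENANT are secured Bitbucket repository variables you have defined, so the API key is never committed to the repository, and that your policy lives at ./safedep/policy.yml.

```yaml
# Added example: one step that scans with a custom policy, syncs results to
# SafeDep Cloud and keeps the JSON report as a downloadable artifact.
# Assumed names: SAFEDEP_CLOUD_KEY and SAFEDEP_CLOUD_TENANT are secured
# repository variables defined in Bitbucket, not values written in this file.
image: alpine:latest

pipelines:
  default:
    - step:
        name: "Run Vet Scan"
        script:
          - pipe: safedep/vet-pipe:v1.0.0
            variables:
              CLOUD: true
              # Reference secured variables rather than pasting the key here;
              # a literal key in this file ends up in the repository history
              # and in every clone.
              CLOUD_KEY: $SAFEDEP_CLOUD_KEY
              CLOUD_TENANT: $SAFEDEP_CLOUD_TENANT
              # Custom Policy as Code file checked into the repository.
              POLICY: "./safedep/policy.yml"
              # Default behaviour is kept: a policy violation fails the step.
              # Set SKIP_FILTER_CI_FAIL: "true" only if violations should be
              # reported without blocking the build.
        artifacts:
          # vet writes vet-report.json via --report-json; expose it for download.
          - vet-report.json
```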

Support

Please raise an issue on the vet-pipe GitHub repo or the vet-pipe Bitbucket mirror for any support requests.