Bitbucket Cloud
Overview
Arnica Integrates directly with your Bitbucket Cloud application to help secure the development environment while identifying risks in real time - alerting your team and assisting with remediation actions. Arnica's integration is configurable allowing org-level provisioning or access to specified projects to extract the necessary data and take remediation actions.
Ensure service account continuity
Create a dedicated application user
Arnica's Bitbucket integration leverages a Bitbucket generated app password tied to a specified user. To avoid the revocation of this token upon the impersonated user's departure, it is highly recommended to create and integrate using a standard application user.
The created user will be visible to all developers as part of Arnica's interactions, such as comments on merge requests. Hence, it is recommended to name the service account properly, such as arnica-service-account
Prerequisites
IP allowlist
In some cases, customers may use IP allowlist to restrict which source IP addresses can access a specific workspace. To validate this functionality, navigate to https://bitbucket.org/[WORKSPACE_NAME]/workspace/settings/access-controls
and check the IP allowlisting
configuration.
If this configuration is enabled, add Arnica's IP addresses, as documented in the Ingress trafficsection of the on Premise integrations page.
Grant permissions to application user
Login to the Bitbucket Cloud workspace
Navigate to the
User Groups
page located inhttps://bitbucket.org/[YOUR_WORKSPACE]/workspace/settings/groups
Click on the
Administrators
group and add the dedicated application security user to this group.
If your environment is comprised of multiple workspaces, repeat the steps above for each workspace with the same user.
Installation process
Generate an app password
Login with the application user and navigate to the app passwords page.
Click on
Create App Password
and assign the following permissions to the token:

Click on
Create
Copy the credentials into a temporary place to use them later in the integration
Integrate
Navigate to the Integrations page in Arnica and click on
Bitbucket Cloud
.Fill in the username (not email) and the app password from the step above.
Click on
Validate
to ensure that the credentials work properly and then click onOK
.
FAQ
Q: Why does the service account need to have administrative permissions? A: While the service account is granted with administrative permissions, the app token that is used by Arnica has least privileges. It was designed this way to maintain access to required admin-only permissions without exposing the token to full admin rights.
Last updated
Was this helpful?