Connect Bitbucket Cloud to scan your repositories for security vulnerabilities.

Connection Methods


OAuth Setup

  1. Navigate to Integrations: Settings → Integrations → Bitbucket → Connect with OAuth
  2. Authorize CodeThreat: You’ll be redirected to Bitbucket. Click Grant access to authorize.
  3. Select Workspace: Choose which Bitbucket workspace to connect
  4. Import Repositories: Select repositories to scan and click Import

OAuth Permissions

CodeThreat requests:
  • repository:read: Read repository content
  • pullrequest:read: Access pull requests
  • webhook: Manage webhooks

App Password Setup

  1. Open Bitbucket Settings: Click your profile → Personal settings → App passwords
  2. Create App Password: Click Create app password. Label: CodeThreat Security Scanner. Permissions: select:
     • Repositories: Read
     • Pull requests: Read
     • Webhooks: Read and write
  3. Create and Copy: Click Create and copy the password immediately
  4. Add to CodeThreat: Settings → Integrations → Bitbucket → Select App Password. Enter your Bitbucket username and paste the app password.
  5. Import Repositories: Select repositories to scan

Webhook Configuration

CodeThreat creates webhooks automatically for automated scanning.

Webhook Events

  • Repository push: Trigger scans on commits
  • Pull request created: Scan new PRs
  • Pull request updated: Rescan on changes

Verify Webhooks

  1. In Bitbucket: Repository → Settings → Webhooks
  2. Find webhook pointing to: https://app.codethreat.com/webhooks/bitbucket
  3. Click webhook → View requests to see delivery history
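
The same check can be run against the JSON that the Bitbucket Cloud REST API returns for a repository's webhooks (`GET /2.0/repositories/{workspace}/{repo_slug}/hooks`). This is an added example, not CodeThreat's own code; the function name `audit_hooks`, the sample response, and the mapping of the event names above to Bitbucket event keys are assumptions.

```python
import json
from urllib.parse import urlsplit

EXPECTED_URL = "https://app.codethreat.com/webhooks/bitbucket"  # from this page
# Assumed mapping of the page's event names to Bitbucket event keys.
EXPECTED_EVENTS = {"repo:push", "pullrequest:created", "pullrequest:updated"}

def _same_endpoint(url):
    """Compare scheme, host and path exactly, so similar hosts do not match."""
    got, want = urlsplit(url), urlsplit(EXPECTED_URL)
    got_key = (got.scheme, (got.hostname or "").lower(), got.path.rstrip("/"))
    return got_key == (want.scheme, want.hostname, want.path)

def audit_hooks(response):
    """Return a list of findings for one page of a repository 'hooks' listing."""
    hooks = response.get("values", [])
    matches = [h for h in hooks if _same_endpoint(h.get("url", ""))]
    findings = []
    if not matches:
        findings.append("missing: no webhook points to " + EXPECTED_URL)
    for h in matches:
        name = h.get("uuid", "<no uuid>")
        if not h.get("active", False):
            findings.append(f"inactive: {name}")
        events = set(h.get("events", []))
        for ev in sorted(EXPECTED_EVENTS - events):
            findings.append(f"event not subscribed: {name} {ev}")
    # A hook whose host contains the product name but is not the expected
    # endpoint should be reviewed by hand.
    for h in hooks:
        host = (urlsplit(h.get("url", "")).hostname or "").lower()
        if h not in matches and "codethreat" in host:
            findings.append(f"unexpected url: {h.get('uuid')} {h.get('url')}")
    return findings

# Constructed sample response (not real data).
SAMPLE = json.loads("""
{"values": [
  {"uuid": "{hook-1}", "url": "https://app.codethreat.com/webhooks/bitbucket",
   "active": true, "events": ["repo:push", "pullrequest:created"]},
  {"uuid": "{hook-2}", "url": "https://app.codethreat.com.example.net/webhooks/bitbucket",
   "active": true, "events": ["repo:push"]}
]}
""")

if __name__ == "__main__":
    for line in audit_hooks(SAMPLE):
        print(line)
```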

Pull Request Integration

Get security feedback directly in Bitbucket pull requests.

Enable PR Scanning

In CodeThreat repository settings:
  • Auto-scan on PR: ✓ Enabled
  • AI PR reviews: ✓ Enabled
  • Post PR comments: ✓ Enabled

PR Build Status

CodeThreat updates pull request build status:
  • Successful: No critical/high vulnerabilities
  • Failed: Security issues found
  • In Progress: Scanning

Best Practices

  • Use OAuth for simpler setup
  • Connect at workspace level for teams
  • Enable PR scanning
  • Set merge checks to require security scans

Troubleshooting

Connection failed:
  • Verify app password permissions are correct
  • Check username is your Bitbucket username (not email)
  • Ensure workspace access granted (for OAuth)
Repositories not showing:
  • Verify you have Read access to repositories
  • Check workspace is correctly selected
  • Re-authorize the connection
Webhook not triggering:
  • Check webhook delivery history in Bitbucket
  • Verify webhook is active
  • Ensure outbound HTTPS is allowed
