
Enabling Bitbucket pull request comments

Prerequisites
  • You must have a Bitbucket Cloud Free, Standard, or Premium plan. Bitbucket Data Center is not supported.
  • Bitbucket PR comments can only be enabled through Semgrep Cloud Platform (SCP). Create an account to set up Slack notifications.
  • To receive alerts and notifications, you must add or onboard a project (repository) to Semgrep Cloud Platform for scanning.

There are two ways to integrate Semgrep comments into Bitbucket Cloud, depending on your Bitbucket plan:

  • Workspace access token: If you use the Bitbucket Cloud Premium plan, you can create a workspace access token. This saves time because one token covers every repository in the workspace, so you can bulk-onboard repositories from the whole workspace at once. See Creating a workspace access token. You can still use a repository access token to onboard repositories one by one.
  • Repository access token: If you do not have the Bitbucket Cloud Premium plan, create a separate repository access token for each repository where you want to use Semgrep. This option is also useful if you have the Premium plan but prefer to onboard repositories one by one instead of in bulk. See Creating a repository access token.

Creating and adding a workspace access token

Prerequisite
  • Bitbucket Cloud Premium plan. If you do not have a Bitbucket Cloud Premium plan, create a repository access token.

Workspace access tokens are available only on the Bitbucket Cloud Premium plan. To create one, follow these general steps:

  1. Create a workspace access token in Bitbucket with Read and Write permissions for pull requests. Follow the instructions in Create a workspace Access Token in the Bitbucket documentation.
  2. Add the workspace access token as a workspace variable with the Secured option.

To complete the configuration, follow the Enabling PR comments in Bitbucket Cloud section.

Enabling PR comments in Bitbucket Cloud

Prerequisite

To enable PR comments, define the BITBUCKET_TOKEN environment variable in your CI configuration file. Its syntax and placement depend on your CI provider. For example, in Bitbucket Pipelines the syntax is:

- export BITBUCKET_TOKEN=$PAT

The following snippet is a sample with BITBUCKET_TOKEN defined in a bitbucket-pipelines.yml file:

image: atlassian/default-image:latest

pipelines:
  branches:
    main:
      # ...
  pull-requests:
    '**':
      - step:
          name: 'Run Semgrep diff scan with PR branch'
          image: returntocorp/semgrep
          script:
            # ...
            - export BITBUCKET_TOKEN=$PAT

Once BITBUCKET_TOKEN is defined, PR comments in Bitbucket Cloud are set up.
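As an added example (not Semgrep's own code), the following POSIX shell guard can run in the pull-requests step before `semgrep ci`: it fails the step early, without printing any token value, when a required secured variable is missing or empty, so a misconfigured token surfaces as a clear pipeline error rather than a scan that silently posts no comments. It assumes `PAT` is the secured variable holding the Bitbucket access token (as in the snippet above) and `SEMGREP_APP_TOKEN` is the variable Semgrep reads for its own token.

```shell
#!/bin/sh
# Added example, not Semgrep's own code. Guard for the pull-requests step:
# verify the secured variables exist before exporting BITBUCKET_TOKEN and
# running `semgrep ci`. Assumed names: PAT (Bitbucket access token, as in the
# bitbucket-pipelines.yml snippet) and SEMGREP_APP_TOKEN (Semgrep's token).
set -eu

# Return 0 if the named variable is set and non-empty, 1 otherwise.
# The value is read indirectly and is never written to the build log.
check_secret() {
  name="$1"
  eval "value=\${$name:-}"
  if [ -z "$value" ]; then
    printf 'error: %s is unset or empty; add it as a Secured variable\n' "$name" >&2
    return 1
  fi
  return 0
}

# Check every name given; report all that are missing, then fail if any were.
check_required() {
  missing=0
  for name in "$@"; do
    check_secret "$name" || missing=$((missing + 1))
  done
  [ "$missing" -eq 0 ]
}

# Pipeline entry point: `sh semgrep_guard.sh run` in the step's script section.
# Without the `run` argument only the functions are defined, so the file can be sourced.
case "${1:-}" in
  run)
    check_required PAT SEMGREP_APP_TOKEN   # exits with status 1 under set -e if any is missing
    export BITBUCKET_TOKEN="$PAT"          # the variable Semgrep reads to post PR comments
    semgrep ci
    ;;
esac
```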

Info: Only rules set to the Comment and Block rule modes in the Policies page create PR comments.
