Automating Vulnerability Scanning in Bitbucket Pipelines
Hi Everyone,
I’m looking to automate vulnerability scanning for code written in Java, Scala, Python, and Node.js within a Bitbucket pipeline. My plan is to use a CLI tool to scan the code, generate a vulnerability report, and break the pipeline if any fixable vulnerabilities are found.
I came across a video (www.youtube.com/watch) on the official YouTube channel, but I couldn’t find detailed documentation specific to implementing this in Bitbucket Pipelines.
Could anyone share resources or guidance for setting up CLI-based code scanning (for Java, Scala, Python, and Node.js) in Bitbucket Pipelines?
Note: From what I’ve learned, Bitbucket-Fortify integration is limited to Java applications, which is why I’m exploring CLI-based solutions for other languages.
If there’s a better approach to achieve my goal of automating vulnerability scanning in Bitbucket Pipelines, I’m open to suggestions.
Apologies if this sounds like a basic question—I’m still exploring this topic. Thank you in advance for your help!
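The post above describes one part of the plan that is independent of whichever scanner CLI ends up being chosen: a gate step that reads the generated report and fails the pipeline only when a finding has a fix available. The script below is an added example written for this page, not code from the original post or from any scanner vendor. The JSON report schema (a `findings` list with `severity` and `fixed_in` fields), the severity labels, and the sample findings are all hypothetical and constructed for illustration; adapt `parse_report()` to the format the chosen tool actually emits.

```python
#!/usr/bin/env python3
"""Gate step for a CI pipeline: exit non-zero only when the scanner report
contains vulnerabilities that already have a fix available.

The report schema used here is a hypothetical example for illustration;
adapt parse_report() to the JSON your chosen scanner CLI actually emits."""
import json
import sys

# Severity ranking for the optional threshold (hypothetical label set).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report: not real scanner output, not real packages or CVEs.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "F-1", "package": "example-lib", "version": "1.2.0",
         "severity": "high", "fixed_in": "1.2.3"},
        {"id": "F-2", "package": "other-lib", "version": "0.9.0",
         "severity": "medium", "fixed_in": None},
        {"id": "F-3", "package": "third-lib", "version": "2.0.0",
         "severity": "low", "fixed_in": "2.0.1"},
    ]
})


def parse_report(text):
    """Parse the (hypothetical) JSON report into a list of finding dicts."""
    data = json.loads(text)
    findings = data.get("findings", [])
    if not isinstance(findings, list):
        raise ValueError("report 'findings' must be a list")
    return findings


def fixable_findings(findings, min_severity="low"):
    """Return findings that have a fix available and meet the severity floor."""
    floor = SEVERITY_RANK[min_severity]
    out = []
    for f in findings:
        has_fix = bool(f.get("fixed_in"))  # None/"" means no fix published yet
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 0)
        if has_fix and rank >= floor:
            out.append(f)
    return out


def gate(report_text, min_severity="low"):
    """Return the exit code for the pipeline step: 1 if any fixable finding at
    or above min_severity exists, 2 if the report is unreadable, else 0."""
    try:
        findings = parse_report(report_text)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        # An unreadable report must never pass silently.
        return 2
    blocking = fixable_findings(findings, min_severity)
    for f in blocking:
        print(f"BLOCK {f['id']} {f['package']}@{f['version']} "
              f"severity={f['severity']} fix={f['fixed_in']}", file=sys.stderr)
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: gate.py [report.json] [min_severity]; defaults to the sample report.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    threshold = sys.argv[2] if len(sys.argv) > 2 else "low"
    sys.exit(gate(text, threshold))
```

In a Bitbucket Pipelines step, the scanner CLI would run first and write its report, and then a line such as `python3 gate.py report.json high` would run it through this gate; a non-zero exit code from a step script fails that step, which is what "break the pipeline" amounts to in practice. Unfixable findings are still listed in the report for review, but they do not block the build, which keeps the gate actionable for developers.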