Automating Vulnerability Scanning in Bitbucket Pipelines

Hi Everyone,

I’m looking to automate vulnerability scanning for code written in Java, Scala, Python, and Node.js within a Bitbucket pipeline. My plan is to use a CLI tool to scan the code, generate a vulnerability report, and break the pipeline if any fixable vulnerabilities are found.

I came across (www.youtube.com/watch) in the official YouTube channel, but I couldn’t find detailed documentation specific to implementing this in Bitbucket Pipelines.

Could anyone share resources or guidance for setting up CLI-based code scanning (for Java, Scala, Python, and Node.js) in Bitbucket Pipelines?

Note: From what I’ve learned, Bitbucket-Fortify integration is limited to Java applications, which is why I’m exploring CLI-based solutions for other languages.

If there’s a better approach to achieve my goal of automating vulnerability scanning in Bitbucket Pipelines, I’m open to suggestions.

Apologies if this sounds like a basic question—I’m still exploring this topic. Thank you in advance for your help!