DEVOPSdigest

Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.

The new capability enables security teams to automatically scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities without disrupting developer workflows, improving the security of application delivery pipelines without compromising speed.

“Code repositories like Bitbucket are critical enablers for development teams,” said Arie Teter, chief product officer, Orca Security. “Relying on popular public code rather than reinventing the wheel for each development lifecycle is crucial for developers who want to move at the speed of business. The trouble is that code repositories are often riddled with vulnerabilities, and that risk must be managed without slowing down DevOps teams. The Orca Bitbucket app provides a necessary layer of security that does not impede the CI/CD pipeline, enabling developers to ship more secure code faster.”

The Orca Bitbucket App requires nothing but a one-time authentication to centrally manage and enforce policies across all existing and future repositories without manual setup. The Code Security dashboard within Orca delivers comprehensive visibility for all repositories across different SCM platforms, giving security teams a complete understanding of all application risks.

Key features of the Orca Bitbucket App include:

- Automated security scans on every merge: Protected branches are continuously scanned, with contextual alerts and actionable insights to help teams quickly identify and remediate security issues.

- Configurable pull request scans: Orca scans every pull request, detecting newly introduced issues and alerting developers in real time. This proactive approach helps prevent problematic code from being merged until all detected issues are resolved.

- Periodic scans for inactive repositories: Even rarely updated repositories are monitored, ensuring that newly discovered vulnerabilities don’t go unnoticed.

With the Orca Bitbucket app, security teams may embed automatic security scanning directly into the development pipeline, enabling faster and more secure application development. Adding Bitbucket to Orca’s existing coverage for other Atlassian tools including Jira, as well as GitHub, GitLab, and Azure DevOps, expands upon the company’s commitment to security the entire software development lifecycle.