HackerOne Code

Configure Bitbucket Posting User

The service interacts with users in Bitbucket projects through a "HackerOne" member of your Bitbucket team, so a Bitbucket user must be created and configured as a Posting (Service) user.


Last updated 1 month ago

Prerequisites

The Bitbucket posting user must be created by an individual on your team with the following administrative permissions:

Create Posting User

Log in to your Bitbucket instance as an administrator and create a new user with the username PullRequest or HackerOne. HackerOne Code will use this user to post scan results and validated issues.

Add the user to all of the repositories you want code review on. Be sure to grant the user WRITE permission so it's able to post comments.

HackerOne Code DOES NOT perform any code modification operations in your repositories. Read more about how we keep your data secure.

We strongly recommend setting the image hackerone-posting-user-avatar.jpg as the posting user's avatar. This provides a much better end-user experience, because it allows the service to be easily identified in the Bitbucket interface.

Apply Bitbucket Access Token

Log in to Bitbucket as the user you just created.

This may be easier in another browser or an incognito tab so you can remain logged in as the Bitbucket admin user.

The access token will need to have Projects READ and Repositories WRITE permissions.

Once generated, copy the personal access token to your clipboard so we can configure the connection to Bitbucket.

Connecting PullRequest Proxy to Bitbucket

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

PROVIDER_TYPE=bitbucket
PROVIDER_BASE_URL=https://our-bitbucket.internal
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>

Make sure the HackerOne Code Posting User's username is spelled exactly as the username of the user that was created. We highly recommend "HackerOne" (all one word, PascalCase) to maintain communication consistency.
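
A pre-flight check for these settings, as an added example that is not part of HackerOne's documentation or tooling. It assumes the settings file path is passed as an argument (the page does not name the file) and checks only the four keys shown above plus the file's permissions, since the file stores a token with repository WRITE access.

```sh
#!/bin/sh
# Added example (not HackerOne's code): pre-flight check of the proxy settings file.
# Assumption: the file path is passed as $1; the page does not name the file.

get_key() {  # print the value assigned to key $1 in file $2 (last one wins)
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

check_proxy_env() {
    file=$1; rc=0
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 2; }

    # The file stores a token with repository WRITE access: owner-only mode.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access $file (chmod 600)"; rc=1; }

    [ "$(get_key PROVIDER_TYPE "$file")" = "bitbucket" ] ||
        { echo "FAIL: PROVIDER_TYPE must be bitbucket"; rc=1; }

    # Plain http would send the token in clear text on every API call.
    case $(get_key PROVIDER_BASE_URL "$file") in
        https://?*) ;;
        *) echo "FAIL: PROVIDER_BASE_URL must start with https://"; rc=1 ;;
    esac

    user=$(get_key PROVIDER_USERNAME "$file")
    case $user in
        PullRequest|HackerOne) ;;
        '') echo "FAIL: PROVIDER_USERNAME is empty"; rc=1 ;;
        *) echo "WARN: confirm '$user' matches the Bitbucket username exactly" ;;
    esac

    # Never echo the token itself; only report on its shape.
    case $(get_key PROVIDER_ACCESS_TOKEN "$file") in
        ''|*'<'*|*'>'*|*' '*)
            echo "FAIL: PROVIDER_ACCESS_TOKEN is empty, a placeholder, or has a space"; rc=1 ;;
    esac
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_proxy_env "$1"; fi
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when the file is missing; a WARN line does not change the exit status.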

Create a personal access token for the posting user in Bitbucket by opening the following URL in the browser where you are logged in as the PullRequest user:

https://our-bitbucket.internal/plugins/servlet/access-tokens/manage

[Image: hackerone-posting-user-avatar.jpg, the posting user avatar (22KB)]

[Image: Creating a personal access token in Bitbucket]