Configure Bitbucket Webhooks

After the Bitbucket posting user has been created and the repositories are populating in the HackerOne Code dashboard successfully, the Bitbucket webhooks can be configured.

These steps for configuring Bitbucket webhooks will need to be repeated for each Bitbucket repository receiving HackerOne Code service.

Configure webhooks

Webhooks can be configured per-repository on the Bitbucket Data Center (or Bitbucket Server) application.

The URL for your webhook should be the base URL of the PullRequest Proxy with the following:

/webhooks/bitbucket

OPTIONAL - Add a webhook secret. The secret will be used to sign your webhook requests as they are posted to the proxy:

  • You will need the same webhook secret for all of your repositories if you add one.

  • This secret must match the WEBHOOK_SECRET field when you configured the proxy.

Webhook events

The following webhook events are needed:

Component

Events

Repository

PUSH MODIFED

PullRequest

ALL EVENTS

Click the Test connection button in the repository webhook configuration UI in Bitbucket and make sure you get a 200 status.

Make sure the webhook is set to Active at the bottom of the Bitbucket configuration page and click Create.

Repeat these steps for any other repositories that are in your list and have not been configured.

Last updated