Configure Bitbucket Webhooks

After the Bitbucket posting user has been created and the repositories are populating in the HackerOne Code dashboard successfully, the Bitbucket webhooks can be configured.

These steps for configuring Bitbucket webhooks will need to be repeated for each Bitbucket repository receiving HackerOne Code service.

Configure webhooks

Webhooks can be configured per-repository on the Bitbucket Data Center (or Bitbucket Server) application.

The URL for your webhook should be the base URL of the PullRequest Proxy with the following:

/webhooks/bitbucket

OPTIONAL - Add a webhook secret. The secret will be used to sign your webhook requests as they are posted to the proxy:

  • You will need the same webhook secret for all of your repositories if you add one.

  • This secret must match the WEBHOOK_SECRET field when you configured the proxy.

Note: The proxy, when started without SSL, listens on TCP port 5012 rather than TCP port 80. This is because TCP ports below 1024 are considered privileged on Linux and can only be bound by processes running with root permissions or with the CAP_NET_BIND_SERVICE capability. If the proxy runs as a non-root (non-privileged) user, it cannot claim port 80, so it defaults to an unprivileged port such as 5012.

Webhook events

The following webhook events are needed:

Component

Events

Repository

PUSH MODIFED

PullRequest

ALL EVENTS

Click the Test connection button in the repository webhook configuration UI in Bitbucket and make sure you get a 200 status.

Make sure the webhook is set to Active at the bottom of the Bitbucket configuration page and click Create.

Repeat these steps for any other repositories that are in your list and have not been configured.

Last updated