{"id":1085,"date":"2020-06-08T11:06:58","date_gmt":"2020-06-08T10:06:58","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?p=1085"},"modified":"2023-02-15T16:55:20","modified_gmt":"2023-02-15T16:55:20","slug":"tutorial-bitbucket-api-static-security-audit","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-bitbucket-api-static-security-audit\/","title":{"rendered":"BitBucket Pipelines API Security Audit Extension"},"content":{"rendered":"\n\n\t<p>Tutorials<\/p>\n\n\t<p>In this quick tutorial you&#8217;ll learn how to add static security testing to your REST APIs in Bitbucket with the <a href=\"https:\/\/bitbucket.org\/product\/features\/pipelines\/integrations?p=42crunch\/api-security-audit\">42Crunch REST API Static Security Extension<\/a>. Prerequisite: Make sure you have a 42Crunch API Security Platform account. You can register here: <a href=\"https:\/\/platform.42crunch.com\/register\">https:\/\/platform.42crunch.com\/register<\/a><\/p>\n\t<iframe loading=\"lazy\" width=\"1110\" height=\"624\" src=\"https:\/\/www.youtube.com\/embed\/SpmbnL8kMgE\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<h2>\n\t\tCreate API Token for the pipe\n\t<\/h2>\n\t<p>You must add an API token that the pipe uses to authenticate to Security Audit.<\/p>\n<ul>\n<li>Log in to 42Crunch Platform, and click your profile.<\/li>\n<li>Click Settings &gt; API Tokens, and click Create New Token.<\/li>\n<li>Enter a unique and descriptive name for the token, such as CI_CD token.<\/li>\n<li>In token access rights, select API Contract Security Audit, List Resources, and Delete Resources.<\/li>\n<li>Click Generate Token.<\/li>\n<li>Copy the token value, you will need it when you configure the task on the pipeline.<\/li>\n<\/ul>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/create-token-Custom-1024x577.png\" alt=\"create-token (Custom)\" itemprop=\"image\" height=\"577\" width=\"1024\" title=\"create-token (Custom)\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/api_token-Custom.png\" alt=\"api_token (Custom)\" itemprop=\"image\" height=\"211\" width=\"712\" title=\"api_token (Custom)\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/create-pipe-Custom-1024x577.png\" alt=\"create-pipe (Custom)\" itemprop=\"image\" height=\"577\" width=\"1024\" title=\"create-pipe (Custom)\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tAdd a Bitbucket variable for the API token\n\t<\/h2>\n\t<section>\n<p>Before you add the pipe to your Bitbucket pipeline, you must add the API token you created as a secured repository variable.<\/p>\n<ul>\n<li>Log in to your Bitbucket account, and go to your repository.<\/li>\n<li>Click &gt; Repository settings &gt; Repository variables.<\/li>\n<li>Enter the following: as the variable name, as the value, and make sure you select Secured: Name: SECURED_42C_API_TOKEN, Value: The value of the API token you created<\/li>\n<li>Make sure Secured is selected, and click Add.<\/li>\n<\/ul>\n<p>You have now created the variable that your pipeline can use to authenticate to Security Audit.<\/p>\n<\/section>\n<h2>\n\t\tAdd the pipe to your Bitbucket pipeline\n\t<\/h2>\n<p>To run the pipe, you must add it to your Bitbucket pipeline.<\/p>\n<ul>\n<li>Log in to your Bitbucket account and go to the pipeline you want.<\/li>\n<li>Open the pipeline configuration file bitbucket-pipelines.yml for editing<\/li>\n<li>Under script, add the following line where you want to add the pipe: &#8211; pipe: 42crunch\/bitbucket-api-security-audit-pipe:1.0.5<\/li>\n<li>Click commit!<\/li>\n<\/ul>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/paste-script-Custom-1024x575.png\" alt=\"paste-script (Custom)\" itemprop=\"image\" height=\"575\" width=\"1024\" title=\"paste-script (Custom)\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/bitbucket_collection-Custom.png\" alt=\"bitbucket_collection (Custom)\" itemprop=\"image\" height=\"258\" width=\"831\" title=\"bitbucket_collection (Custom)\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/bitbucket-report-Custom.png\" alt=\"bitbucket-report (Custom)\" itemprop=\"image\" height=\"1082\" width=\"1920\" title=\"bitbucket-report (Custom)\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tREST API Static Security Audit\n\t<\/h2>\n\t<section>\n<p>The pipe will either succeed or fail depending on the minimum score. The summary of the run in the pipeline reports provides you further details on how the job went.<\/p>\n<p>The pipe uploads all discovered OpenAPI (Swagger) definitions to the specified API collection in 42Crunch Platform.<\/p>\n<p>The report of the run include a link to each discovered API. You can click on the link to view the detailed audit report of the corresponding API in 42Crunch Platform.<\/p>\n<\/section>\n\n","protected":false},"excerpt":{"rendered":"<p>Learn how to add API security Audit extension in the BitBucket Pipelines CI\/CD and run the API Audit.<\/p>\n","protected":false},"author":4,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"BitBucket Pipelines API Security Audit Extension ","_seopress_titles_desc":"Learn how to add API security Audit extension in the BitBucket Pipelines CI\/CD and run the API Audit.","_seopress_robots_index":"","site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[22,16,25],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/1085"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=1085"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/1085\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=1085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=1085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=1085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}