Skip to content

Running Fixinator on Bitbucket

Pete Freitag edited this page Apr 4, 2019 · 4 revisions

Bitbucket has a notion of build pipelines, which can run every time you commit code to your bitbucket repository. We can easily create a pipeline to scan your code for vulnerabilities using Fixinator.

Running Fixinator on BitBucket Pipelines

Add your Fixinator API Key as a Pipeline Account Variable

If you do not have a fixinator api key head over to https://fixinator.app/ to obtain one.

  1. Logged in to Bitbucket, click on your profile picture (Your Profile and Settings)
  2. Click on Settings
  3. Click on Account variables under the Pipelines heading
  4. Under name use FIXINATOR_API_KEY for value use your API key.
  5. Click on the Lock icon to mark as a secure value (this prevents it from being leaked through logs)
  6. Click Add

The above process should make the key avaliable to all your repositories, but you can also just create a pipeline variable instead if you only need to add it to one repository.

Create a Pipeline

The Bitbucket pipeline is defined by file in the root of your repository called bitbucket-pipelines.yml, so create a file named bitbucket-pipelines.yml with the following contents:

image: openjdk:8

pipelines:
  default:
    - step:
        caches:
          - commandbox
          - cache
        script: 
          - test -e ~/cache/box || curl --location -o ~/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
          - test -e ~/cache/box || unzip ~/box.zip -d ~/cache/
          - chmod a+x ~/cache/box
          - ~/cache/box install fixinator
          - mkdir ./test-reports
          - ~/cache/box fixinator path=. resultFile=./test-reports/fixinator-results.xml resultFormat=junit
definitions:
  caches:
    commandbox: ~/.CommandBox/
    cache: ~/cache/

Example Bitbucket Repository

Here is an example repository, and an example pipeline result.

Pipeline Caching

You may have noticed that the script makes use of pipeline caching, this will speed up your build time quite a bit, it will store a copy of commandbox in the cache so it doesn't need to initialize every time. You may occasionally want to delete the cache if the version of commandbox becomes out of date.

You can’t perform that action at this time.