Exporting a Security Scan Report for External Use
For offline viewing and processing of security scan reports generated by Security for Bitbucket, you can export those reports to a CSV file. This file will have the following format:
You can export vulnerabilities in several ways, each of which is described below.
Exporting a single branch via the repository Scan page
To do so, first go to the repository and report in question.
Then click the Export button in the top right corner of the report:
You will then download a file with the naming scheme: <projectKey>_<repositoryKey>_<branchName>.CSV
Exporting from the Security Scan Report
You can export detected vulnerabilities from the global dashboard, which you can access by clicking the lock icon in the top Bitbucket bar.
Click the action drop-down menu and select the Export item as shown below:
You can do this on any view level -- branch, repository, or project. When exporting a project, the generated report will contain the vulnerabilities found in all branches of all repositories which belong to the selected project.
The exported file will have the following name:
for project:
<projectKey>.CSV
for repository:
<projectKey>_<repositoryKey>.CSV
for branch:
<projectKey>_<repositoryKey>_<branchName>.CSV
Additionally, if you need to export all vulnerabilities for all projects, repositories, and branches into a single file, from the global Security Scan Report page, you may click the “Export All Projects” button as shown below.
Note that this can put a strain on Bitbucket resources if there are a lot of vulnerabilities across the Bitbucket instance. Consequently, a dialog box will pop up to confirm that you wish to perform this action.
Exporting vulnerabilities via a REST call
You may also use various REST calls to export vulnerabilities of any given branch, repository, project, or the whole Bitbucket instance.