For offline viewing and processing of security scan reports generated by Security for Bitbucket, you can export those reports to a csv file. This file will have the following format:

You can export vulnerabilities using one of a few ways, each of which is described below.

Exporting a single branch via the Branch Scan Report

To export the vulnerabilities from a single branch, first navigate to the Branch Scan Report for the branch in question. Then click the Export button in the top right corner of the report:

This will download a file with the name format <projectKey>_<repositoryKey>_<branchName>.csv.

Exporting from a Dashboard

From the Global, Project-level, and Repository-level Dashboards, there are two primary approaches to exporting vulnerabilities.

Using the Dashboard’s Export button

An Export button is visible in the upper-right of each dashboard. Depending on which dashboard and view level, this button will appear as one of the following:

  • Export Repository

  • Export Project

  • Export All Projects (only available from the Global Dashboard)

One example is shown below:

The resulting downloaded file will have the following name/format:

  • for Export Repository: <projectKey>_<repositoryKey>.csv

  • for Export Project: <projectKey>.csv

  • for Export All Projects: Bitbucket - Vulnerability Report.zip

When exporting a repository, the generated report will contain the vulnerabilities found in all branches of that repository.

When exporting a project, the generated report will contain the vulnerabilities found in all branches of all repositories of that project.

When exporting all projects, the generated report will contain all vulnerabilities found in all projects in the Bitbucket instance. The resulting zip file will contain one csv file per project.

Export All Projects can put a strain on Bitbucket resources if there are a lot of vulnerabilities. Consequently, a dialog box will pop up to confirm that you wish to perform this action.

Using the Actions menu

From any dashboard, navigate to the desired level view, click the Actions dropdown menu, and select Export item as shown below:

The exported file will have the following name format:

  • for a branch: <projectKey>_<repositoryKey>_<branchName>.csv

  • for a repository: <projectKey>_<repositoryKey>.csv

  • for a project: <projectKey>.csv

Exporting vulnerabilities via a REST call

You may also use various REST calls to export vulnerabilities of any given branch, repository, project, or the whole Bitbucket instance.