By default, Security for Bitbucket:

  • Distributes scanning to every Bitbucket Data Center node

    • Server installations are treated as single-node Data Center installations

  • Runs 2 scans in parallel per Bitbucket node.

Scans beyond the number of scans run in parallel are stored in a queue. This queue is accessible to all Bitbucket nodes. You can turn on debug logging to see detailed information about the scans being run on each node.

The settings for parallel scans can be queried and adjusted in the following ways:

Changing the number of parallel scans

This setting is stored and persists upon plugin update and Bitbucket restarts.

To speed up scanning, you can change the number of parallel threads used by Security for Bitbucket during scans:

curl -u admin -X PUT https://{bitbucket.server}/rest/security/latest/status/active/{size}
BASH
  • admin is your Bitbucket admin user (you’ll be prompted for a password)

  • bitbucket.server is URL of your Bitbucket server

  • size is the number of parallel scan threads used per Bitbucket node.

For instance, setting size to 4 will change the number of scan threads on every Bitbucket node to 4. As a performance consideration, the requested number of threads is clamped to the available number of CPUs. To maximum scanning performance, you can specify the value 0 to use all available CPUs, but be advised that this can affect overall Bitbucket performance dramatically.

Security for Bitbucket does not currently support configuring a different number of parallel threads on different Bitbucket nodes.

Querying the number of parallel scans

To get the number of parallel scans:

curl -u admin -X GET https://{bitbucket.server}/rest/security/latest/status/worker-pool/size
CODE
  • admin is your Bitbucket admin user (you’ll be prompted for a password)

  • bitbucket.server is URL of your Bitbucket server

This call returns a positive integer which is the configured number of parallel scans. Note that if this setting was set to 0 (to set number of threads to the number of available CPUs), the returned number will be the actual number of available CPUs, not 0.

Verifying distributed scanning

To verify that Security for Bitbucket was successful in setting up a distributed scan queue in your Bitbucket installation:

curl -u admin -X GET https://{bitbucket.sever}/rest/security/latest/status/worker-pool/distributed-scanning-enabled
CODE

This call will either true if Security for Bitbucket was able to set up distributed scanning, or false if something went wrong. If distributed scanning isn’t working in your Bitbucket setup, please contact our support team.