Branch Scan Report
If a user can see a given repository in one of the three dashboards (Global, Project-level, or Repository-level), that user can scan any branch in that repository for vulnerabilities and view the details of those vulnerabilities via the Branch Scan Report.
For example, an admin for Project 2 uses the Project-level Dashboard to see the status of each branch in the maprunner repository:
By clicking on the number of vulnerabilities found in the master branch, as shown here:
this user opens the Branch Scan Report:
The report lists the one vulnerability found in this branch. Expanding the entry shows its details:
Here, the exact text that matched the rule's regex is highlighted in blue. This is the group 0 match, i.e. the entire span the pattern matched, not just the text inside any capture group, so the highlight can include surrounding context such as a variable name or quotes if the rule's pattern covers them.
Using the branch selector dropdown in the upper-left, the user can instead view the status of the new-feature branch:
Since this branch has not been scanned yet, there is no information to display. Pressing the Trigger Scan button, as shown here:
starts the scan immediately, or, if Bitbucket already has multiple scans in progress, queues it to run later. Results populate incrementally as the app finds vulnerabilities in files within the branch:
The final results might look like the following:
Results of a scan can also be filtered by the rule that produced each finding. Using the Filter By Rule dropdown in the upper-left, the admin can concentrate on one kind of vulnerability:
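To make concrete what the report shows for a finding (the group 0 match that gets highlighted, versus any capture group inside the pattern) and how the Filter By Rule dropdown narrows the result set, here is a small added example of a regex-rule scan over a branch snapshot. This is illustration written for this page, not the app's own code: the rule names, the regexes, the `Finding` structure and the sample files are all constructed here and do not reflect the app's actual rule set.

```python
import re
from dataclasses import dataclass

# Constructed rule set for this example (hypothetical; the app's real rules are not shown on the page).
# Note that generic-api-key has a capture group (group 1) for the key value, but the scanner
# reports group 0: the whole span the pattern matched, including the variable name and quotes.
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic-api-key": re.compile(r"(?i)api[_-]?key\s*[:=]\s*['\"]?([A-Za-z0-9]{16,})['\"]?"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    matched: str   # group 0: the entire text the pattern matched (what the report highlights)
    span: tuple    # (start, end) offsets of group 0 within the line


def scan_branch(files):
    """Scan a branch snapshot given as a mapping of path -> file content.

    Every rule is applied to every line; each match becomes one Finding
    recording the group 0 text and its offsets within the line.
    """
    findings = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            for rule_name, pattern in RULES.items():
                for m in pattern.finditer(line):
                    findings.append(Finding(path, line_no, rule_name, m.group(0), m.span(0)))
    return findings


def filter_by_rule(findings, rule_name):
    """Equivalent of the Filter By Rule dropdown: keep only findings from one rule."""
    return [f for f in findings if f.rule == rule_name]


def count_by_rule(findings):
    """Per-rule totals, the kind of number a dashboard cell would show."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def highlight(line, span):
    """Render the highlighted group 0 region in plain text using square brackets."""
    start, end = span
    return line[:start] + "[" + line[start:end] + "]" + line[end:]


# Constructed sample branch contents. The AKIA value is the placeholder key from AWS documentation.
SAMPLE_FILES = {
    "config/settings.py": 'API_KEY = "abcdef0123456789XYZ"\nDEBUG = False\n',
    "deploy/creds.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "README.md": "No secrets here.\n",
}


if __name__ == "__main__":
    results = scan_branch(SAMPLE_FILES)
    print(count_by_rule(results))
    for f in filter_by_rule(results, "generic-api-key"):
        line = SAMPLE_FILES[f.path].splitlines()[f.line_no - 1]
        print(f"{f.path}:{f.line_no} [{f.rule}] {highlight(line, f.span)}")
```

Running this shows why the highlight for the generic-api-key finding covers `API_KEY = "abcdef0123456789XYZ"` rather than only the key value: the rule's capture group isolates the value, but the report marks group 0, the full match. If you want the highlight to cover only the secret, the rule's pattern itself must be narrowed.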