Access to the Branch Security Analysis follows repository visibility: if a user can see a given repository in any of the three dashboards (Global, Project-level, or Repository-level), that user can scan any branch in that repository for vulnerabilities and view the details of those findings via the Branch Security Analysis. No separate permission gates scanning; being able to see the repository is sufficient.
For example, an admin for Project 1 uses the Project-level Dashboard to see the status of each branch in the
By clicking on the number of findings in the master branch, as shown here:
this user can access the Security Analysis:
Here, we see two vulnerabilities. In each one, the specific text that matched the rule's regex is highlighted; specifically, this is the group 0 match, i.e. the entire span consumed by the pattern, not any individual capturing group inside it.
This user can use the branch selector dropdown in the upper-left to instead see the status of the
Since this branch hasn’t been scanned yet, there is no information to display. Pressing the Trigger Scan button as shown here:
will start the scan, or, if Bitbucket already has multiple scans ongoing, will queue it behind them. Results populate as the app finds vulnerabilities in files within the branch:
The final results might look like the following:
Results of a scan can also be filtered by which rule generated each finding. Using the Filter By Rule dropdown in the upper-left, the admin can concentrate on one kind of vulnerability:
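To make the group 0 highlight and the Filter By Rule behaviour concrete, here is an added stand-alone model in Python. It is not the app's own code: the rule names, regex patterns, branch names and file contents are all constructed for this example, and the app's real rule set runs inside Bitbucket rather than as a script. What it shows is why the highlighted text can be wider than the secret itself (the whole match, group 0, is reported even when the rule only captures the secret in group 1), how per-branch counts arise, and how filtering by rule narrows a result set.

```python
import re
from dataclasses import dataclass

# Hypothetical rule set, constructed for this example. Each rule is a name plus
# a compiled regex, which is all the scanner needs. Both rules capture the
# secret in group 1, but the scanner reports group 0 (the whole match), which
# for the password rule includes the "password = " prefix and the quotes.
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "hardcoded-password": re.compile(r"(?i)\bpassword\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]"),
}

# Constructed branch contents: branch -> {path: file text}. Not real repositories.
# The key value is the well-known placeholder from the AWS documentation.
BRANCHES = {
    "master": {
        "config/settings.py": 'DEBUG = False\npassword = "hunter2hunter2"\n',
        "scripts/deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    },
    "develop": {
        "config/settings.py": 'DEBUG = True\npassword = os.environ["DB_PASSWORD"]\n',
        "scripts/deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    },
}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int
    start: int      # column where the group 0 match begins
    end: int        # column one past the end of the group 0 match
    matched: str    # group 0 text: everything the pattern consumed


def scan_branch(files):
    """Run every rule over every line of every file in one branch."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                for m in pattern.finditer(line):
                    # m.group(0) is the whole match. m.group(1) would be only
                    # the captured secret, and that is NOT what is highlighted.
                    findings.append(
                        Finding(rule, path, line_no, m.start(), m.end(), m.group(0))
                    )
    return findings


def scan_all(branches):
    """Branch -> findings, i.e. the per-branch counts a dashboard would show."""
    return {name: scan_branch(files) for name, files in branches.items()}


def highlight(line, finding, open_mark="[[", close_mark="]]"):
    """Wrap the group 0 span in markers, a text stand-in for the coloured highlight."""
    return line[: finding.start] + open_mark + finding.matched + close_mark + line[finding.end :]


def filter_by_rule(findings, rule):
    """The Filter By Rule dropdown: keep only findings produced by one rule."""
    return [f for f in findings if f.rule == rule]


def count_by_rule(findings):
    """Number of findings each rule produced, for a per-rule summary."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_all(BRANCHES)
    for branch, findings in results.items():
        print(f"{branch}: {len(findings)} finding(s) {count_by_rule(findings)}")
        for f in findings:
            line = BRANCHES[branch][f.path].splitlines()[f.line_no - 1]
            print(f"  {f.rule} {f.path}:{f.line_no}  {highlight(line, f)}")
```

Running the script lists two findings on master and one on develop; the develop copy of settings.py reads the password from the environment, so the password rule no longer matches there. The highlighted span for the password finding is the whole `password = "hunter2hunter2"` assignment, not just the value, which is exactly the group 0 behaviour described above.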