How to trigger a full Bitbucket rescan?

You can schedule re-scan of all data on your Bitbucket with a single REST-call like this:

curl -u admin -v -X PUT -d "" -H "Content-Type: application/json" http://bitbucket.server/rest/security/latest/status/total_rescan
CODE

where admin is your Bitbucket admin user (you’ll be prompted for a password) and bitbucket.server is URL of your Bitbucket server. You can monitor progress of scanning on Security Scan Report page.

Please note, that if you have much of data on your Bitbucket instance, all existing branches in all projects and repositories will be scanned, which may be very resource-consumptive and may take a long time to complete.

How to change the amount of parallel scans?

To optimize the load, you can try to change number of parallel threads used Security for Bitbucket during rescan with an additional REST-cal:

curl -u admin -v -X PUT -d "" -H "Content-Type: application/json" http://bitbucket.server/rest/security/latest/status/active/4
BASH

This command will change number of scan threads to 4. As of performance considerations, you cannot set number of threads greater than number of available CPUs. For maximum performance, you can specify 0 value to use all available CPUs, but be advised that this can affect overall Bitbucket server performance dramatically.

How to export detected vulnerabilities

To export the full list of detected vulnerabilities from all projects, repositories and branches use the following command:

curl -u admin -o report.zip http://bitbucket.server/rest/security/latest/export-report?confirmExpensiveOperation=true
BASH

It will save vulnerabilities into report.zip file in a working directory. Note, that this may be very time and resource consumptive if you have many repositories or many detected vulnerabilities, so Bitbucket server performance can be affected significantly.

To export vulnerabilities only for a selected project / repository / branch, use requests:

curl -u admin http://bitbucket.server/rest/security/latest/export-report/projects/<PROJECT_KEY>
curl -u admin http://bitbucket.server/rest/security/latest/export-report/projects/<PROJECT_KEY>/repos/<REPOSITORY_SLUG>
curl -u admin http://bitbucket.server/rest/security/latest/export-report/projects/<PROJECT_KEY>/repos/<REPOSITORY_SLUG>?branch=<BRANCH_NAME>
BASH