Announcing Mend SCA for Bitbucket Cloud Integration

We’re proud to announce that Bitbucket Cloud users can now unlock the full power of Mend for automatic detection and remediation of open source risk.

With the release of our new Bitbucket Cloud integration in the Atlassian Marketplace, Mend now makes it possible for developers to find and eliminate vulnerabilities, all while staying in their Bitbucket Cloud repositories.

Designed from the start to keep overall burden on developers low, Mend’s integration also scales and deploys rapidly while giving compliance and security leaders highly configurable control over their open source risk.

Instead of requiring a separate security tool, developers now can work entirely within Bitbucket Cloud, keeping their code secure with minimal impact on their workflow.

For organizations using Bitbucket Cloud, repository scanning with Mend’s new integration represents a significant improvement over scanning at a later point in the software development life cycle (SDLC).

“When open source code began to be recognized as a source of risk, organizations started looking to identify that risk in their CI/CD pipelines,” says Jeffrey Martin, vice president of product at Mend. “That still represented a substantial ‘shift left’ from patching code after release. Now, by shifting left even further, into the repository, risks can be detected and remediated earlier and faster.”

When developers commit code to their Bitbucket Cloud repository, Mend SCA scans their changes to identify any newly introduced risks. Martin says those risks can take several forms: “Mend can detect CVEs in direct and transitive dependencies, and it will make sure you know how severe those issues are,” he says. “We can also identify when developers are bringing in code that uses open source licenses their organization doesn’t want to use -– and we can block that code from becoming part of the application before it’s ever committed.”

Using Mend’s rapid rollout capabilities, organizations using Bitbucket Cloud can deploy and start seeing benefits from Mend SCA within hours. Security and compliance teams can reduce risk fast with 100 percent developer adoption, requiring Mend SCA scans on commit and enforcing policies centrally.

Mend SCA also makes it possible to create software bills of material (SBOMs) directly from the repository, ensuring that compliance and security teams have full visibility into all open source components from an early stage of the SDLC. With full visibility into the entire code base and its components, organizations can rapidly discover whether newly discovered zero-day vulnerabilities impact the applications they sell.

According to Martin, the integration was a natural fit. “Bitbucket Cloud’s customers choose Bitbucket because they want to be able to stay in one set of tools consistently,” he says. “We’ve developed this integration to add security and real risk reduction without compromising Bitbucket Cloud’s main value to the developer -– being able to do more without having to constantly switch back and forth between tools.”

In order to use the new Mend SCA integration for Bitbucket Cloud, organizations will need to already have a Bitbucket license, as well as a license for Mend SCA Enterprise (the Bitbucket Cloud integration is not offered with Mend SCA Teams). Contact your Mend representative for more information on making security fast and easy within Bitbucket Cloud.

For more information, contact your Mend representative.