Integration with self hosted SAST & DAST tools

Santanoo Bhattacharjee September 12, 2020

Can someone please guide me to find the documentation which talks about the integration of self-hosted SAST/DAST tools (like Fortify & Web-inspect) with bitbucket pipelines?

Do we have any agents/runners to be installed & configured on the VMs which runs these tools?

1 answer

0 votes
Michael March September 13, 2020

If you want to "open up" your network to Pipelines, here's the IP range from Atlassian:

https://ip-ranges.amazonaws.com/ip-ranges.json

That will make operating your SAST tools as easy as possible.

Santanoo Bhattacharjee September 14, 2020

so are the tools to be integrated with some available apis for bit-bucket pipeline OR are they to be converted to docker images & then staged for run?

Is there any reference documentation for this? that would really help. 

thank you Michael. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events