Socket in your Bitbucket Pipeline

Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for your open source dependencies. It is easy to integrate Socket into your Bitbucket Pipeline to provide an extra layer of security against Supply Chain Attacks.

Adding Socket to your pipeline

Create your Socket API Key

You can either create your API Key yourself if you have permissions in your socket.dev account or you can have your Admin create it for you with the Reports scope.

1. Log into the socket.dev dashboard

2. Go to Settings

3. Go to the API Tokens tab

4. Select Create API Token

5. Give the token a name like Gitlab API Token

6. Select the report Scope

   

7. Click Confirm

8. Click on Show key

9. Click on the API Token to copy

Create your Socket Environment variable

1. Log into Bitbucket

2. Navigate to your repository

3. Go to Repository Settings

4. Go to Repository variables

5. Add a New variable

   1. Name: SOCKET_SECURITY_API_KEY
   2. Value: Your Socket API Key
   3. Secured: Checked

6. Click Add

Example Bitbucket Pipeline Setup

1. Go to Source
2. Select the ... menu
3. Select Add file
   1. filename: bitbucket-pipelines.yml
   2. Paste the following YAML or integrate into your existing pipeline
      YAML

      image: node:18
      pipelines:
        pull-requests:
          '**':
            - step:
                name: Run Socket.dev Security Check
                condition:
                  changesets:
                    includePaths:
                      - "**package.json"
                caches:
                  - node
                script:
                  - npm install -g @socketsecurity/cli
                  - socket ci .
      

4. Commit changes to your main branch or the current branch you are working on

Testing pipeline

1. Create a new branch

2. Modify or add a package.json

3. Create a new Pull request

4. Confirm that the Socket CI pipeline job ran