
Continuously improve CI/CD with Sonatype Lifecycle and Bitbucket Code Insights

Over the last few weeks we've been highlighting our integrations with Atlassian that bring open source governance insights right into your favorite Atlassian tools. We have integrations for planning and building applications. We wanted to save our newest integration into developer tooling for last: Bitbucket Code Insights.

According to Atlassian, "Code Insights in Bitbucket Cloud lets you bring the best DevOps scanning, testing and analysis tools into your code review process."

Using Sonatype Lifecycle with Bitbucket Server or Cloud, developers get better code reviews, with open source component security and license information brought right into their pull requests. Developers can see all of the details needed to remediate any policy issues on their branch and fix violations quickly. They can even drill down to the specific line(s) of code that introduced the violation, with instructions on how to fix them. No need to switch applications. No need to slow down the process. No need to fail builds, or come back to this a week later because of a report from security. For Bitbucket users, this kind of information accelerates the feedback loops that are critical to successful DevSecOps practices.

As a developer, you can:

  1. Choose the highest quality components from the start.
  2. Find out instantly if code you just committed contains risk.
  3. Fix those issues in a few clicks.
  4. Commit your changes and move on to the next task.

Check out this video to see how our integrations with Jira Software, Bamboo, and Bitbucket work holistically to keep your application secure at every stage in the SDLC.

Want a more in-depth look at all of our integrations with Atlassian? Learn more about how we help development organizations deliver higher quality applications faster.


Written by Kevin Miller

Kevin Miller is a Product Marketing Manager at Sonatype where he works to empower the development community to shift component choice and security left. He believes that putting the right tools and options in the hands of developers will help accelerate software innovation and minimize open source risk.