Orca Security, the pioneer of agentless cloud security, announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories. The new capability enables security teams to automatically scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities without disrupting developer workflows, improving the security of application delivery pipelines without compromising speed.
Code scanning is a critical aspect of any application security program. Developer teams regularly make use of popular code repositories, but each repository is a source of potential risk and must be scanned for known vulnerabilities. This typically means manually embedding Command Line Interface (CLI) security tools into each repository and CI/CD pipeline, adding overhead and creating friction between security and development teams. Consistency also becomes a problem; it is difficult to ensure comprehensive coverage across all repositories and prevent security gaps.
“Code repositories like Bitbucket are critical enablers for development teams,” said Arie Teter, chief product officer, Orca Security. “Relying on popular public code rather than reinventing the wheel for each development lifecycle is crucial for developers who want to move at the speed of business. The trouble is that code repositories are often riddled with vulnerabilities, and that risk must be managed without slowing down DevOps teams. The Orca Bitbucket app provides a necessary layer of security that does not impede the CI/CD pipeline, enabling developers to ship more secure code faster.”
Also Read: NVIDIA, Alphabet and Google Collaborate to Drive Future of Agentic and Physical AI
The Orca Bitbucket App requires nothing but a one-time authentication to centrally manage and enforce policies across all existing and future repositories without manual setup. The Code Security dashboard within Orca delivers comprehensive visibility for all repositories across different SCM platforms, giving security teams a complete understanding of all application risks.
Key features of the Orca Bitbucket App include:
- Automated security scans on every merge: Protected branches are continuously scanned, with contextual alerts and actionable insights to help teams quickly identify and remediate security issues.
- Configurable pull request scans: Orca scans every pull request, detecting newly introduced issues and alerting developers in real time. This proactive approach helps prevent problematic code from being merged until all detected issues are resolved.
- Periodic scans for inactive repositories: Even rarely updated repositories are monitored, ensuring that newly discovered vulnerabilities don’t go unnoticed.
With the Orca Bitbucket app, security teams may embed automatic security scanning directly into the development pipeline, enabling faster and more secure application development. Adding Bitbucket to Orca’s existing coverage for other Atlassian tools including Jira, as well as GitHub, GitLab, and Azure DevOps, expands upon the company’s commitment to security the entire software development lifecycle.
Source: BusinessWire