On Demand

Webinar: Powering GRC Through Integrations & Automation.
Watch now
close
← Back to all integrations
Create an inventory of your code repos and automate ensuring PRs and repos are configured correctly.
Coming SoonComing Soon

BitBucket

Aptible’s BitBucket integration keeps your asset inventory up to date, triggers recurring security activities, and ensures your repo security settings are compliant.

Automate Asset Inventories

Not all of your code repos will be in scope of your ISMS. By maintaining this list over time, you’ll be able to more quickly react to requests from auditors and customers when they are investigating your SDLC policies.

Automate procedures on repo changes

You can leverage procedures to automatically trigger processes when code repos are added or removed from BitBucket (e.g. conduct a risk analysis when a code repo is created or remove sensitive data the code repository was utilizing).

Automatic Evidence Collection

Secure Settings

When syncing your code repos, we automatically check them for secure settings and collect evidence of all correct instances as well as create an issue and collect evidence for all non-secure settings identified.

SDLC Evidence

Comply will automatically record every Pull Request merged as an event and then process them using pre-configured checks to provide evidence that your SDLC policies are being followed and visibility into when they are not being followed. The automations that come with integration will generate healthy evidence for "Approved" and "CI Success" tagged events as well as unhealthy evidence and an issue for all others.

Automations

Assets synced
  • Code Repositories
Domains Automated
  • Secure System Development
Frameworks Automated
ISO 27001:2013
SOC 2
Requirements Automated
A.12.1.2
ISO 27001:2013
Change management
Changes to the organization, business processes, information pro- cessing facilities and systems that affect information security shall be controlled
A.12.1.4
ISO 27001:2013
Separation of development, testing and operational environments
Development, testing, and operational environments shall be separated to reduce the risks of unauthorized access or changes to the operational environment.
A.14.2.2
ISO 27001:2013
System change control procedures
Changes to systems within the development lifecycle shall be controlled by the use of formal change control procedures.
CC3.4
SOC 2
Risk Assessment
COSO Principle 9: The entity identifies and assesses changes that could significantly impact the system of internal control.
CC7.1
SOC 2
System Operations
To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.
CC8.1
SOC 2
Change Management
The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.
Integration scopes
  • Read: All repos
  • Read: All teams
  • Read: All pull request events
  • Permissions: Read Only
Learn More
BitBucket
Integration Documentation
Get a demo
PRODUCTS
ComplyDeploy
Use Cases
Resources
Company
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Log inLooking to talk to sales? Contact us

© 2021 Aptible Inc.