Skip to content

Zero Touch Provisioning for Bitbucket

This tutorial walks you through the process of setting up ZTP for Bitbucket.


Before you begin, ensure you have:

  • Integrated Bitbucket to BoostSecurity.
  • Allowed development apps to be installed. You can do this by navigating to this url<your-bitbucket-org>/workspace/settings/addon-management. Replace <your-bitbucket-org> with the name of your Bitbucket organization.
  • Created a non-empty .boost repo in the Bitbucket workspace. To do this, go to your Bitbucket workspace where you installed BoostSecurity and create a new .boost repo that contains a Readme file.

    Bitbucket Boost Repo

  • Turned on the Enable Pipelines settings for your workspaces' .boost repository, i.e,<your-bitbucket-org>/.boost/admin/pipelines/settings. You can do this by clicking the Enable Pipelines button as shown above and turn it on.

    Enable Pipelines

Integration Steps

  1. Go to the Integrations page, select your Bitbucket integration, and click on the configuration tab.

  2. On the ZTP column, you will notice that the status is set to Not Set. Click on the menu next to the status and select Enable.

    Enable ZTP

  3. On the ZTP Wizard, the first step is to give BoostSecurity permissions for the Zero Touch Flow on your Bitbucket organization.

  4. Click the Install ZTP Application button to redirect you to your Bitbucket organization.

    Install ZTP Application

  5. Install and authorize the Zero Touch provisioning on all organizations. Click on the Grant Access button at the bottom of the page.

    Grant Access

  6. BoostSecurity configures the .boost repo on successful Zero Touch Provisioning installation.

  7. You are required to grant access to CI provisioning on your account.

    Grant Access

  8. The pipeline configuration is ready after a successful CI pipeline configuration!

    Successful ZTP

Zero Touch Provisioning is now enabled!!!

Next Steps

Proceed to build your first custom policy, where you would define specific actions for security events identified by configured scanners.