
How to install Zero Touch Provisioning for Bitbucket

Zero Touch Provisioning (ZTP) for Bitbucket enables the security check workflows to be executed from the .boost repository in the Bitbucket organization. To install ZTP for Bitbucket, follow the steps below:

  1. Navigate to the Integrations page and select the Bitbucket integration from the Available section.
  2. Select Install, and you will be directed to authorize access to BoostSecurity for your workspace.
  3. Select the appropriate Bitbucket workspace for which you want to authorize the BoostSecurity App.

    Note: You are required to Enable development mode for your workspace to install applications. To do this, navigate to your workspace settings page, i.e.,

  4. Select Grant access.

  5. Create a repo called .boost. It has to be a non-empty repo; for example, you can include a .README file.
  6. Return to the Integrations page, select "Zero Touch Provisioning For Bitbucket", and install ZTP for Bitbucket on your workspace.
  7. Next, navigate to the Provisioning page and select at least one repository you'll be installing ZTP on.

    Note: Do not install ZTP on the .boost repository.

  8. Click on "Provision 1 Repository" in the top-right corner of the page.

  9. Select Zero Touch Provisioning and click the "Next" button.
  10. Select the scanners to provision for the repo. BoostSecurity Scanner and Semgrep are often good scanners to start with.
  11. Select "Bitbucket Pipelines" and click on "Complete".
  12. To authorize this action, click "Grant access" next to the chosen repository.
  13. Navigate to your project's .boost repo on Bitbucket, merge the Pull Request from YOUR-ORGANIZATION/boostsecurity-ci-provisioning, and then delete the branch.

And that's it! You've successfully installed ZTP on the repo. You can then navigate to Scans to check whether the scan appears after a few minutes, or whether you see the pipeline running immediately.

Note: Make sure the Pipeline for the repo you want to install ZTP for is enabled. You can confirm that the pipeline is green/enabled from the repository settings, i.e.,