New Native App Automatically Scans Bitbucket Repositories to Identify Misconfigurations, Exposed Secrets, and Vulnerabilities
Orca Security, the pioneer of agentless cloud security, has unveiled the Orca Bitbucket App, a native integration designed to automatically scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities. This new capability empowers security teams to safeguard application delivery pipelines without disrupting developer workflows or slowing innovation.
In today’s fast-paced development environments, code scanning is a vital component of any robust application security strategy. Developers frequently rely on widely used code repositories, which—while essential for accelerating development—can introduce hidden security risks. Traditionally, teams have needed to manually embed Command Line Interface (CLI) tools into individual repositories and CI/CD pipelines, a process that adds operational complexity and often creates friction between development and security teams. Ensuring consistent coverage across all repositories also becomes a persistent challenge.
“Code repositories like Bitbucket are critical enablers for development teams,” said Arie Teter, chief product officer, Orca Security. “Relying on popular public code rather than reinventing the wheel for each development lifecycle is crucial for developers who want to move at the speed of business. The trouble is that code repositories are often riddled with vulnerabilities, and that risk must be managed without slowing down DevOps teams. The Orca Bitbucket app provides a necessary layer of security that does not impede the CI/CD pipeline, enabling developers to ship more secure code faster.”
With just a one-time authentication, the Orca Bitbucket App enables centralized policy management across all current and future repositories—eliminating the need for manual setup. Integrated within Orca’s Code Security dashboard, this new functionality gives security teams full visibility into risks across multiple Source Code Management (SCM) platforms.
Key features of the Orca Bitbucket App include:
- Automated security scans with every merge: Continuous scanning of protected branches delivers contextual alerts and actionable insights to help teams quickly identify and resolve vulnerabilities.
- Real-time pull request analysis: Each pull request is scanned automatically, identifying new issues and alerting developers before code is merged—enhancing proactive risk prevention.
- Ongoing protection for inactive repositories: Even rarely updated repositories are periodically scanned, ensuring that newly discovered threats are not overlooked.
The addition of Bitbucket support expands Orca Security’s comprehensive CI/CD coverage, which already includes integrations with Jira, GitHub, GitLab, and Azure DevOps. This enhancement further solidifies Orca’s commitment to securing every stage of the software development lifecycle.