Bitbucket - Create Pull Request

Bitbucket - Create Pull Request generates a pull request in Bitbucket for:

• Assets returned by the selected query or assets selected on the relevant asset page.

This Enforcement Action works in two steps, as follows:

1. Creates a branch in the repository with the branch name roughly following the pattern: axonius-{normalized_asset_name}-{axon_id}. The normalized asset name is the asset name with only latin alphabet characters, decimal numbers, and underscores. Other characters in the asset name are dropped.

2. Opens a pull request using the previously created branch. The content of the pull request is a message detailing the asset tags.

Required Fields

These fields must be configured to run the Enforcement Set.

• Use stored credentials from Bitbucket adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.

  • When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.

📘

Note

To use this option, you must successfully configure a Bitbucket adapter connection.

• Project Key (V1) or Workspace Slug (V2) - The project key (for Bitbucket Server connections) or the workspace slug (for Bitbucket Cloud connections). Both can be found in the URL of the project/workspace.

• Repository Slug - The slug for the repository where the pull request will be opened. This can be found in the URL of the repository.

• Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.

Additional Fields

These fields are optional.

💡

Connection and Credentials

When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.

• Host Name or IP Address - The hostname or IP address of the Bitbucket server.

• Username (V1) or Client ID (V2 Bitbucket Cloud) - The user name for the Bitbucket server, or the client ID for the Bitbucket Cloud that has the Required Permissions to fetch assets.

• Password (V1) or App Secret (V2 Bitbucket Cloud) - The password for the Bitbucket server, or the App Secret for the Bitbucket Cloud.

• Use Bitbucket Cloud API (V2) - Select this option to use the Bitbucket Cloud instead of the Bitbucket server.

• Use OAuth2 to Authenticate - Select this option to use OAuth2 client credentials to authenticate Bitbucket API V2.

• API Rate Limit per Hour (default: 1000) - Specify a rate limit for the number of requests per hour to be sent to Bitbucket.

• Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

• HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

• HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.

• HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

• Gateway Name - Select the Gateway through which to connect to perform the action.

APIs

Axonius uses the following APIs:

• The Bitbucket Cloud REST API (V2)

  • Create a pull request - Creates a new pull request where the destination repository is this repository and the author is the authenticated user.
  • Create a branch - Creates a new branch in the specified repository.

• The Bitbucket Data Center REST API (V1)

  • Create pull request - Creates a new pull request from a source branch or tag to a target branch. The source and target may be in the same repository, or different ones.
  • Create branch - Creates a branch in the specified repository.

Required Permissions

The following permissions are required to perform this Enforcement Action:

• Bitbucket Cloud REST API (V2):

  • repository:write
  • pullrequest:write

• Bitbucket Server REST API (V1):

  • REPO_WRITE
  • REPO_READ