
Overview

Cut through the noise and secure your Bitbucket codebase with Hopper. Our integration connects directly to Bitbucket Server or Data Center via read-only Git access, delivering deep static analysis and function-level reachability insights, without agents or pipeline changes. Hopper flags only real risks, filters out false positives, and enriches your security posture with license policy enforcement and exportable SBOMs.
It supports both Bitbucket Server and Bitbucket Data Center with zero disruption to existing workflows.

Capabilities

  • Automatically lists all repositories in the connected Bitbucket workspace.
  • Uses secure, read-only Git access to clone repositories without agents or CI/CD changes.
  • Performs static code analysis using read-only Git access.
  • Detects direct and transitive dependencies, including shaded and repackaged libraries.
  • Analyzes reachability at the function level to determine actual exploitability.
  • Detects license violations and generates complete SBOMs in SPDX or CycloneDX format.

Requirements

  • Hopper account
  • Bitbucket Cloud
  • Permission to install a Bitbucket Cloud app

Setup Instructions

  1. Log in to the Hopper platform.
  2. Navigate to Integrations > Bitbucket and click “Connect”.
  3. Log in to your Bitbucket account (if you aren’t logged in already).
  4. Select your Bitbucket workspace and click “Grant access”.
  5. Hopper will begin analysis automatically. No build or pipeline configuration is needed.

Permissions

Hopper requires only the following permissions:

  • Read access to repository metadata (e.g., names, branches)
  • Read access to file content for static analysis

The integration does not:

  • Modify repositories or files
  • Access deployment environments
  • Require write or admin access

Security and Data Handling

Hopper accesses repositories over HTTPS using secure authentication methods. No source code is stored. All analysis is performed in memory or via ephemeral access.

Output

  • List of reachable vulnerabilities with call graph and file/function context
  • License inventory and license violation alerts
  • Exportable SBOMs in SPDX or CycloneDX formats

Support

For troubleshooting or technical questions, contact: support@hopper.security