We’re excited to introduce the Orca Bitbucket App, a seamless and native integration that enables security teams to automatically scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities—all without disrupting developer workflows.
With this release, security teams can eliminate the complexity of code scanning and advance their Application Security (AppSec) program, which is usually slowed down by the need to manually integrate security tools into each repository and CI/CD pipeline, adding overhead and friction between security and development teams.
The Orca Bitbucket App automates security scanning across all repositories, ensuring consistent enforcement without manual setup. This integration also expands our native security coverage across platforms like GitHub, GitLab, and Azure DevOps, reinforcing our integration-first approach to strengthening your existing tech stack.

Exploring the Bitbucket App
Traditional AppSec scanning requires manually embedding command-line interface (CLI) tools in every pipeline, a tedious process that slows development and creates friction between security and DevOps teams. It also makes it challenging to ensure consistent coverage across all repositories and prevent security gaps.
The Orca Bitbucket App eliminates these pain points. After a one-time authentication, security teams can centrally manage and enforce policies across all existing and future repositories—without manual setup.
Here’s how the Orca Bitbucket App enhances security:
- Automated security scans on every merge: Protected branches are continuously scanned, with contextual alerts and actionable insights to help teams quickly identify and remediate security issues.
- Configurable pull request scans: Orca scans every pull request, detecting newly introduced issues and alerting developers in real time. This proactive approach helps prevent problematic code from being merged until all detected issues are resolved.
- Periodic scans for inactive repositories: Even rarely updated repositories are monitored, ensuring that newly discovered vulnerabilities don’t go unnoticed.
By eliminating manual security configuration and embedding security directly into development workflows, the Orca Bitbucket App delivers smarter, faster, and more effective application security.

Enhanced automation and visibility for security teams
The Orca Bitbucket App simplifies application security by automating code scanning across all repositories—eliminating the need for DevOps teams to manually configure security tools for each repository or pipeline.
Security teams can centrally enforce security policies that block pull requests for high-severity problems, covering misconfigurations, vulnerabilities, and exposed secrets. This ensures that security remains consistent and scalable without disrupting development workflows.
Additionally, the Code Security dashboard within Orca provides a comprehensive, filterable view of all repositories across different SCM platforms, giving security teams full visibility into application risks at a glance.

A developer-centric security experience
The Orca Bitbucket App integrates seamlessly into developers’ workflows, delivering security feedback directly within pull requests so issues can be resolved before merging. Clear, in-context annotations highlight vulnerabilities and provide actionable guidance, enabling developers to fix issues without leaving Bitbucket or slowing down their work.
By embedding security into the development process, Orca ensures teams can write secure code efficiently and with minimal disruption.

About the Orca Cloud Security Platform
Orca enables organizations to command their cloud by identifying, prioritizing, and remediating security risks and compliance issues across AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud, and Alibaba Cloud. Leveraging our patented SideScanning™ Technology, the Orca Cloud Security Platform detects vulnerabilities, misconfigurations, malware, lateral movement, data risks, API risks, overly permissive identities, and much more.
Orca also offers comprehensive Application Security capabilities, which include Software Composition Analysis (SCA), Static Application Security Testing (SAST), OSS License Detection, Secrets Detection, Infrastructure as Code (IaC) Security, Source Code Management Posture Management (SCM-PM), and more. In addition, Orca provides deep integrations with GitHub, GitLab, Azure DevOps, Bitbucket, and Snyk to unify security across the application lifecycle.

Learn More
Interested in seeing the Orca Bitbucket App in action? Schedule a personalized 1:1 demo, and we’ll demonstrate the capabilities and benefits.