Skip to:

MergeBase - Security Scanner for Vulnerable Libraries & CVEs

works with Bitbucket Server 7.6.0 - 8.19.12 and more

OVERALL RATINGS

We no longer offer sales and support for server apps. You can stay connected by exploring the migration options to either the cloud or Data Center version of this app.

Explore migration program

Key highlights of the appCodeGreen is being sunset as Atlassian shifts to the cloud — visit MergeBase.com for the full BitBucket integration

watch MergeBase - Security Scanner for Vulnerable Libraries & CVEs video

Eradicate the biggest source of data breaches

Vulnerabilities in application libraries are responsible for a quarter of all data breaches. Equifax lost $5 Billion in value as a result of a breach. MergeBase identifies these vulnerabilities better than any other.

Enterprise class SDLC controls at your fingertips

Prevent developers from bringing vulnerabilities into your projects.

Mix and match friendly approaches to nudge developers in the right direction with strict enforcement of policies and procedures where needed.

"Shift Left": Starting at the source is key

Research has shown time and time again that the earlier in the software development lifecycle you can identify and fix a problem , the lower the cost to do so and the lower the negative impact on the organization.

More details

With every push MergeBase CodeGreen analyses the code developers want to add to your repositories for known-vulnerabilities and triggers warnings, rejections, and mandatory code reviews. You can configure these to extend full enterprise control over these potentially catastrophic risks to your organization.

CodeGreen's controls and reports are integrated directly into Bitbucket's push and merge hooks. Developers will start receiving valuable vulnerability reports on their next "git push" or "pull-request merge" immediately after Code Green is installed - they do not need to remember to click on special scanning or reporting pages. It's all integrated and seamless.

The current version supports:

  • Go (go.mod)
  • Java (pom.xml)
  • JavaScript and TypeScript (package-lock.json and/or yarn.lock)
  • .NET (*.csproj and *.vbproj)
  • PHP (composer.lock)
  • Python (requirements.txt)
  • Ruby (Gemfile.lock)

Resources

Privacy and Security

Privacy policy

Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's partner.

Partner privacy policy

Security program

This app is not part of the Marketplace Bug Bounty program.

Version information

We no longer offer sales and support for server apps. You can still explore the earlier versions but these may not offer the necessary support.

Explore all server versions

Learn and explore

  • What’s Marketplace
  • App installation
  • About Atlassian
  • Atlassian resources
  • Search and ranking
  • Atlassian events
  • Atlassian foundation

Follow