6
Customers have installed this app in at least 6 active instances.
6
Customers have installed this app in at least 6 active instances.
    by MergeBasefor Bitbucket Server 5.8.0 - 6.10.0, Bitbucket Data Center 5.8.0 - 6.10.0 and more versions
    Versions available for Bitbucket Server 5.0.0 - 5.7.4
    Supported
    MergeBase supports this app.

    Get support

    Supported
    MergeBase supports this app.

    Get support

    Code Green is an integrated Git early-warning defence against the OWASP Top-10 Risk: Libraries With Known-Vulnerabilities

    Code Green is an integrated Git early-warning defence against the OWASP Top-10 Risk: Libraries With Known-Vulnerabilities

    Code Green is an integrated Git early-warning defence against the OWASP Top-10 Risk: Libraries With Known-Vulnerabilities

    Push Policy: Prevent & Reduce Vulnerable Libraries

    Double-Push In Action: Integrated CVE Scan Reports

    Signoff Policy: Cyber Security Is A Team Sport

    Prevent developers from introducing new vulnerable libraries into your projects.

    - More accurate than competing tools.

    - Fewer false positives.

    - Use "mergebase.ignore" file to designate unimportant vulnerabilities.

    Innovative "double-push" control informs staff about vulnerable library versions on every git push.

    - Lightning fast scans (<1 second) integrated into git push

    - Empowers developers to fix now, or postpone if necessary

    New vulnerabilities are published every day. Use the signoff policy to keep dev and security teams on the same page.

    - Auto-add security team to pull-request reviews

    - Trigger policy based on CVSS severity thresholds

    Push Policy: Prevent & Reduce Vulnerable Libraries

    Double-Push In Action: Integrated CVE Scan Reports

    Signoff Policy: Cyber Security Is A Team Sport

    Prevent developers from introducing new vulnerable libraries into your projects.

    - More accurate than competing tools.

    - Fewer false positives.

    - Use "mergebase.ignore" file to designate unimportant vulnerabilities.

    Innovative "double-push" control informs staff about vulnerable library versions on every git push.

    - Lightning fast scans (<1 second) integrated into git push

    - Empowers developers to fix now, or postpone if necessary

    New vulnerabilities are published every day. Use the signoff policy to keep dev and security teams on the same page.

    - Auto-add security team to pull-request reviews

    - Trigger policy based on CVSS severity thresholds

    More details

    MergeBase Code Green - CVE Scanner scans your repositories for known-vulnerabilities and triggers warnings, rejections, and mandatory code reviews under various scenarios.

    Code Green's controls and reports are integrated directly into Bitbucket's push and merge hooks. Developers will start receiving valuable vulnerability reports on their next "git push" or "pull-request merge" immediately after Code Green is installed - they do not need to remember to click on special scanning or reporting pages. It's all integrated and seamless.

    The current version supports Ruby (Gemfile.lock), Java (pom.xml), and JavaScript (package-lock.json and yarn.lock).

    More details

    MergeBase Code Green - CVE Scanner scans your repositories for known-vulnerabilities and triggers warnings, rejections, and mandatory code reviews under various scenarios.

    Code Green's controls and reports are integrated directly into Bitbucket's push and merge hooks. Developers will start receiving valuable vulnerability reports on their next "git push" or "pull-request merge" immediately after Code Green is installed - they do not need to remember to click on special scanning or reporting pages. It's all integrated and seamless.

    The current version supports Ruby (Gemfile.lock), Java (pom.xml), and JavaScript (package-lock.json and yarn.lock).

    Reviews for cloud

    (0)Sign in to write a review

    There are no reviews yet. Be the first to review this app.

    Reviews for server

    (0)Sign in to write a review

    There are no reviews yet. Be the first to review this app.

    Reviews for Data Center

    (0)Sign in to write a review

    There are no reviews yet. Be the first to review this app.

    Cloud Pricing

    Server Pricing

    Data Center Pricing

    25 users$725/year50 users$1,300/year100 users$2,375/year250 users$4,750/year500 users$6,325/year1000 & upAdditional pricing details

    Pricing FAQ

    How does Data Center app pricing work?

    Data Center apps are sold as an annual subscription. You are eligible for support and version updates as long as your subscription is active.

    If app pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.

    How do I determine my Data Center pricing?

    Apps are billed based on the number of users in your Atlassian product. The app tier should match the licensed user tier of the Atlassian product. For example, if you have a Confluence license for 500 users, you should purchase the 500-user tier for apps. Even if fewer users want to use the app than your Atlassian product license, the two licenses should match exactly.

    Can I install this app in a Data Center product?

    Yes, this app has a Data Center approved version. If you're using a Data Center product, you should install the Data Center version of the app.

    Learn more about Data Center approved apps

    What type of license do I need if I'm using this app in a Data Center product?

    Because this app has a Data Center approved version, you should purchase a Data Center license for the app.

    If you already own a server license for this app, you can continue using the server license in your Data Center product for a limited period of time.

    Learn more about Data Center licensing

    Do you offer academic, community, or open-source licenses for Data Center apps?

    For Data Center apps, academic licenses are available at a 50% discount if you have an academic license for your Atlassian product.

    Community and open-source licenses are not available for Data Center apps. Learn more about community and open source licenses.

    Can I extend my free trial?

    For Data Center apps, you can extend your app trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the app listing in UPM from your Atlassian product, and you're all set.

    MergeBase provides support for this app.

    MergeBase provides support for this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Atlassian-hosted discussions connect you to other customers who use this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Atlassian-hosted discussions connect you to other customers who use this app.

    Versions

    Version 2019.12.12 Bitbucket Server 5.8.0 - 6.10.0 Released 2019-12-13

    Summary

    Ability to parse yarn.lock files

    Details

    Introduced ability to parse yarn.lock files. Also improved some aspects of the "git push origin HEAD:refs/mergebase/full" report.

    Versions

    Version 2019.12.13 Bitbucket Data Center 5.8.0 - 6.10.0 Released 2020-01-15

    Summary

    Switching plugin from free to paid

    Installation

    1. Log into your Bitbucket instance as an admin.
    2. Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
    3. Click Find new apps or Find new add-ons from the left-hand side of the page.
    4. Locate MergeBase Code Green - CVE Scanner via search. Results include app versions compatible with your Bitbucket instance.
    5. Click Install to download and install your app.
    6. You're all set! Click Close in the Installed and ready to go dialog.

    To find older MergeBase Code Green - CVE Scanner versions compatible with your instance, you can look through our version history page.

    1. Log into your Bitbucket instance as an admin.
    2. Click the admin dropdown and choose Atlassian Marketplace. The Manage add-ons screen loads.
    3. Click Find new apps or Find new add-ons from the left-hand side of the page.
    4. Locate MergeBase Code Green - CVE Scanner via search. The appropriate app version appears in the search results.
    5. Click Try free to begin a new trial or Buy now to purchase a license for MergeBase Code Green - CVE Scanner. You're prompted to log into MyAtlassian. MergeBase Code Green - CVE Scanner begins to download.
    6. Enter your information and click Generate license when redirected to MyAtlassian.
    7. Click Apply license. If you're using an older version of UPM, you can copy and paste the license into your Bitbucket instance.

    To find older MergeBase Code Green - CVE Scanner versions compatible with your instance, you can look through our version history page.

    Similar apps