Customers have installed this app in at least 5 active instances.
    by MergeBase for Bitbucket Server 5.8.0 - 6.9.0, Bitbucket Data Center 5.8.0 - 6.9.0 and more versions
    Versions available for Bitbucket Server 5.0.0 - 5.7.4
    Supported
    MergeBase supports this app.

    Free app

    Code Green is an integrated Git early-warning defence against the OWASP Top-10 Risk: Libraries With Known-Vulnerabilities

    Push Policy: Prevent & Reduce Vulnerable Libraries

    Prevent developers from introducing new vulnerable libraries into your projects.

    - More accurate than competing tools.
    - Fewer false positives.
    - Use "mergebase.ignore" file to designate unimportant vulnerabilities.

    Double-Push In Action: Integrated CVE Scan Reports

    Innovative "double-push" control informs staff about vulnerable library versions on every git push.

    - Lightning fast scans (<1 second) integrated into git push
    - Empowers developers to fix now, or postpone if necessary

    Signoff Policy: Cyber Security Is A Team Sport

    New vulnerabilities are published every day. Use the signoff policy to keep dev and security teams on the same page.

    - Auto-add security team to pull-request reviews
    - Trigger policy based on CVSS severity thresholds

    More details

    MergeBase Code Green - CVE Scanner scans your repositories for known vulnerabilities and triggers warnings, rejections, and mandatory code reviews under various scenarios.

    Code Green's controls and reports are integrated directly into Bitbucket's push and merge hooks. Developers will start receiving valuable vulnerability reports on their next "git push" or "pull-request merge" immediately after Code Green is installed - they do not need to remember to click on special scanning or reporting pages. It's all integrated and seamless.

    The current version supports Ruby (Gemfile.lock), Java (pom.xml), and JavaScript (package-lock.json and yarn.lock).

    Versions

    Version 2019.12.12 Bitbucket Server 5.8.0 - 6.9.0, Bitbucket Data Center 5.8.0 - 6.9.0 Released 2019-12-13

    Summary

    Ability to parse yarn.lock files

    Details

    Introduced ability to parse yarn.lock files. Also improved some aspects of the "git push origin HEAD:refs/mergebase/full" report.

    Installation

    1. Log into your Bitbucket instance as an admin.
    2. Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
    3. Click Find new apps or Find new add-ons from the left-hand side of the page.
    4. Locate MergeBase Code Green - CVE Scanner via search. Results include app versions compatible with your Bitbucket instance.
    5. Click Install to download and install your app.
    6. You're all set! Click Close in the Installed and ready to go dialog.

    To find older MergeBase Code Green - CVE Scanner versions compatible with your instance, you can look through our version history page.
