Customers have installed this app in at least 8 active instances.
    by MergeBase, for Bitbucket Server 5.8.0 - 7.0.0 and Bitbucket Data Center 5.8.0 - 7.0.0
    Supported
    MergeBase supports this app.

    Code Green is an integrated Git early-warning defence against the OWASP Top-10 Risk: Libraries With Known Vulnerabilities

    Push Policy: Prevent & Reduce Vulnerable Libraries

    Prevent developers from introducing new vulnerable libraries into your projects.

    - More accurate than competing tools.
    - Fewer false positives.
    - Use "mergebase.ignore" file to designate unimportant vulnerabilities.

    Double-Push In Action: Integrated CVE Scan Reports

    Innovative "double-push" control informs staff about vulnerable library versions on every git push.

    - Lightning fast scans (<1 second) integrated into git push
    - Empowers developers to fix now, or postpone if necessary

    Signoff Policy: Cyber Security Is A Team Sport

    New vulnerabilities are published every day. Use the signoff policy to keep dev and security teams on the same page.

    - Auto-add security team to pull-request reviews
    - Trigger policy based on CVSS severity thresholds

    More details

    MergeBase Code Green - CVE Scanner scans your repositories for known vulnerabilities and triggers warnings, rejections, and mandatory code reviews under various scenarios.

    Code Green's controls and reports are integrated directly into Bitbucket's push and merge hooks. Developers will start receiving valuable vulnerability reports on their next "git push" or "pull-request merge" immediately after Code Green is installed - they do not need to remember to click on special scanning or reporting pages. It's all integrated and seamless.

    The current version supports Ruby (Gemfile.lock), Java (pom.xml), and JavaScript (package-lock.json and yarn.lock).

    Server Pricing

    - 10 users: $10
    - 25 users: $725
    - 50 users: $1,300
    - 100 users: $2,375
    - 250 users: $4,750
    - 500 & up: Additional pricing details

    Data Center Pricing

    - 25 users: $725/year
    - 50 users: $1,300/year
    - 100 users: $2,375/year
    - 250 users: $4,750/year
    - 500 users: $6,325/year
    - 1000 & up: Additional pricing details

    Pricing FAQ

    How does server app pricing work?

    Server products and apps are hosted on your servers. This app is sold as a perpetual license, and the purchase price includes 12 months of maintenance (support and version updates).

    You can renew maintenance after 12 months at 50% of the current purchase price. You can upgrade the tier of your Atlassian product and app licenses at any time. Upgrade prices are calculated based on Atlassian's formula.

    If app pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.

    How do I determine my server pricing?

    Apps are billed based on the number of users in your Atlassian product. The app tier should match the licensed user tier of the Atlassian product. For example, if you have a Confluence license for 500 users, you should purchase the 500-user tier for apps. Even if fewer users want to use the app than your Atlassian product license, the two licenses should match exactly.

    Can I install this app in a Data Center product?

    Yes, this app has a Data Center approved version. If you're using a Data Center product, you should install the Data Center version of the app.

    What type of license do I need if I'm using this app in a Data Center product?

    Because this app has a Data Center approved version, you should purchase a Data Center license for the app.

    If you already own a server license for this app, you can continue using the server license in your Data Center product for a limited period of time.

    Do you offer academic, community, or open-source licenses for server apps?

    For server apps, academic licenses are available at a 50% discount if you have an academic license for your Atlassian product.

    Community and open-source licenses are available for server apps. Learn more about community and open source licenses.

    Can I extend my free trial?

    For server apps, you can extend your app trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the app listing in UPM from your Atlassian product, and you're all set.

    How can I buy apps for my legacy Jira Server or Confluence Server license?

    If you own a legacy Jira Server Unlimited (100+ users) or Confluence Server Unlimited (2000+ users) license purchased in 2012 or earlier, legacy app pricing is no longer available. You have two options for app purchasing:

    • Purchase the app at the non-legacy Unlimited (10000+ users) tier.
    • Renew your Jira or Confluence license at a non-legacy tier, then purchase the app at the same tier.

    Pricing FAQ

    How does Data Center app pricing work?

    Data Center apps are sold as an annual subscription. You are eligible for support and version updates as long as your subscription is active.

    If app pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.

    How do I determine my Data Center pricing?

    Apps are billed based on the number of users in your Atlassian product. The app tier should match the licensed user tier of the Atlassian product. For example, if you have a Confluence license for 500 users, you should purchase the 500-user tier for apps. Even if fewer users want to use the app than your Atlassian product license, the two licenses should match exactly.

    Do you offer academic, community, or open-source licenses for Data Center apps?

    For Data Center apps, academic licenses are available at a 50% discount if you have an academic license for your Atlassian product.

    Community and open-source licenses are not available for Data Center apps. Learn more about community and open source licenses.

    Can I extend my free trial?

    For Data Center apps, you can extend your app trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the app listing in UPM from your Atlassian product, and you're all set.

    MergeBase provides support for this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian Community. Ask a question in the Atlassian Community.

    Atlassian-hosted discussions connect you to other customers who use this app.

    Versions

    Version 2020.02.08, Bitbucket Server 5.8.0 - 7.0.0, released 2020-02-09

    Summary

    Two bugfixes and some UI improvements

    Details

    Two bugfixes:

    • Invalid dependency files (e.g., a malformed pom.xml) would crash the entire pre-receive hook, causing the push to be rejected even if no vulnerabilities were present.
    • If a "multi" push included at least one branch-delete or tag-delete, the entire push would skip Code Green.

    Some UI improvements:

    • Zero-vulnerability pushes now report "Good job! Keep up the good work!".
    • Double-pushes now report "Vulnerabilities still present. Double-push completed." (Previously the push would go through with no message at all, potentially causing confusion.)

    Versions

    Version 2020.02.08, Bitbucket Data Center 5.8.0 - 7.0.0, released 2020-02-08

    Installation

    1. Log into your Bitbucket instance as an admin.
    2. Click the admin dropdown and choose Atlassian Marketplace. The Manage add-ons screen loads.
    3. Click Find new apps or Find new add-ons from the left-hand side of the page.
    4. Locate MergeBase Code Green - CVE Scanner via search. The appropriate app version appears in the search results.
    5. Click Try free to begin a new trial or Buy now to purchase a license for MergeBase Code Green - CVE Scanner. You're prompted to log into MyAtlassian. MergeBase Code Green - CVE Scanner begins to download.
    6. Enter your information and click Generate license when redirected to MyAtlassian.
    7. Click Apply license. If you're using an older version of UPM, you can copy and paste the license into your Bitbucket instance.

    To find older MergeBase Code Green - CVE Scanner versions compatible with your instance, you can look through our version history page.
