MergeBase SCA Scanner

for Bamboo Server 7.0.1 - 9.2.16 and more

We no longer offer sales and support for server apps. You can stay connected by exploring the migration options to either the cloud or Data Center version of this app.

Scan your applications for known vulnerabilities right from your Bamboo plans

MergeBase is an SCA extension (software composition analysis) that scans your applications within your Bamboo plans. Use MergeBase to help your development teams identify dangerous and insecure library versions early. Your results will be displayed in your own web based dashboard. Please

create a MergeBase security dashboard for your organization first, if you don't have one yet.


  • Supports all your DevOps languages: Javascript, Python, C#, Go, Ruby, Java, and more.
  • Lowest false positive rate in the industry: Don't waste time chasing false positives.
  • Sophisticated suppression management, so you can effectively pursue a zero-vuln strategy.
  • Microsoft Board integration and developer guidance to streamline your workflows.
  • Real-time notification if new vulnerabilities are uncovered in the industry, allowing you to respond to emerging threats immediately.
  • Analyses your open source licenses enabling you to manage your legal risks.

Privacy and security

Privacy policy

Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's partner.

Partner privacy policy



Easily configure Bamboo to upload MergeBase scans directly from your build pipeline!