Perform the following steps to deploy an on-premises Bot on Bitbucket Server. The steps are applicable to AWS.
- Bitbucket Server on the AWS Cloud.
- Create a Personal Access token.
- Bot Host: An EC2 like Instance with Docker and docker-compose services and preferably running in the same Virtual Private Cloud as GitHub Enterprise Server.
Minimum Requirements – t2.micro running on Ubuntu 16 or above
- Accurics Enterprise Account.
- Port 9022 is required by the BOT to SCM Authorization Web application. Ensure that you have the correct network configuration in place for port 9022 on the BOT machine to be accessible by the SCM authorizer. The SCM authorizer is used in Step 7 of On-premises bot configuration.
On-premises bot configuration
- Login to Accurics Web Console.
- Go to Integrations and click on the “Accurics On-premises Bot”.
- Fill in the Bot Name and Bot Description on the “Create On-premises Bot” panel and click “+” button to add the bot.
Note: Multiple Bots can be added as per the requirement. Preferably, one bot should be deployed on one VM instance as configured in the Pre Reqs #2.
- Click on the download button beside the bot entry you just created. This will download a zip file.
- You can uncompress the zip file and copy its contents on to the Bot Host (Pre-Req #3).
Note: Do not rename any files or modify the contents of the files.
- Access the Bot Host via ssh, and run the following commands one by one.
chmod +x deploy_ubuntu.sh
A successful deployment should display the final output as follows.
- Launch the URL displayed in the output above in a browser which should navigate to the Bitbucket Authorization page:
- Enter the Personal Access Token.
- Specify the Bitbucket Server Address – http(s)://<bitbucket_server_host_fqdn>.com
- The Bot URL
- Click the Authorize button.
- It should navigate to the Bitbucket Server to authorize the permissions on the OAuth App. Once the Authorization is completed, the page will be navigated back to the Bot service page and a success message should appear.
Configuring Accurics Environment with the Bot
- Login to the Accurics Web-Console.
- Click “New Environment” to launch the create environment wizard.
- In the create environment wizard, name the environment, select Enterprise Mode and click Next.
- On the next screen, do the Configure the Cloud Scan as required, if not, uncheck the “Configure the Cloud Scan” check box and click Next.
- At this stage, select the Bot which was created during On-premises Bot Configuration.
- Setup the IaC repository. Click Select and enter the URL and click Submit.
Note: Enter the URL of your EC2 Instance.
- In Repository Configuration, specify REPO_TYPE = bitbucket-server if you are scanning an on-premises repository. See Repository Configuration Parameters.
- (Optional) From the drop-down option, select PAT (Personal Access Token).
- Enter the PAT OAuth and click Submit. For more details, refer to Creating a Personal Access Token.
- On the next page, select the security policy, click next to review the Environment Configuration, and click Finish to complete the Environment Configuration.
Creating a Personal Access Token
- Login into Bitbucket server dashboard.
- Navigate to Manage Account.
- From the left pane of the screen, select Personal Access Token.
- Click Create a Token.
- Create a personal access token screen pops-up.
Enter Token name in the Token details.
- Under Permissions, from the drop-down option, select Admin for Projects.
- Click Create.
Note: New personal access token is created. Copy the OAuth to the clipboard.
- Click Continue. Account screen is displayed.
PAT is successfully created.