Pynt for Bitbucket Pipelines
Integrate Pynt with Bitbucket Pipelines for automated API security testing. Enhance your CI/CD pipeline by adding Pynt’s dynamic security scans to your Bitbucket workflows with minimal setup.
What is Bitbucket Pipelines?
Pynt’s Integration with Bitbucket Pipelines
As part of its API security testing suite, Pynt allows seamless integration with Bitbucket Pipelines.
Pynt for Bitbucket Pipelines enables you to automatically perform API security tests within your CI/CD workflow. This integration captures real API traffic during test or application runs, then analyzes it for security vulnerabilities such as BOLA, misconfigured headers, authentication issues, and more.
Bitbucket Pipelines Configuration
Add your PYNT_ID as a repository variable or workspace variable in Bitbucket:
Go to Repository Settings > Repository Variables
Add PYNT_ID:
Example: Running Pynt with Playwright
In this example we are running a Bitbucket pipeline that:
Installs Playwright dependencies
Installs the Pynt binary
Runs DVWA as a target for the scan
Performs an API security scan driven by a Playwright script and finds a MySQL vulnerability
Uploads the results to the Pynt dashboard under the "dvwa_example" application (the application is created automatically if the running user has the Admin role; if the user has the "User" role, have an Admin create this application in the Pynt dashboard)
ℹ️ Example files can be found here
Here is how the bitbucket-pipelines.yml is configured:
image: mcr.microsoft.com/playwright:v1.44.0-jammy

pipelines:
  default:
    - step:
        name: Run DVWA and Playwright Tests
        services:
          - dvwa
        caches:
          - node
        script:
          - npm install
          - npx playwright install --with-deps
          # Wait until the DVWA service container answers on port 80
          - echo "Waiting for DVWA to be ready..."
          - until curl -sSf http://localhost:80/login.php > /dev/null; do sleep 3; done
          - echo "DVWA is up!"
          # Run the Playwright tests once on their own, without Pynt
          - npm run test
          - export PYNT_ID=$PYNT_ID
          # Download and run the Pynt binary installer
          - wget https://cdn.pynt.io/binary-release/install.sh
          - chmod +x install.sh
          - ./install.sh
          - export RUNNING_FROM_PYNT=true
          # Run the same tests through Pynt; results go to the dvwa_example application
          - ~/.pynt/bin/pynt command --cmd "npm run test" --application-name dvwa_example

definitions:
  services:
    dvwa:
      image: vulnerables/web-dvwa
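The pipeline above downloads install.sh and executes it in a step that has PYNT_ID in its environment. The following shell functions are an added example, not part of Pynt's documentation or tooling: they check the downloaded file against a pinned SHA-256 digest before it is run. The function names, the verify_installer.sh file name and the PYNT_INSTALLER_SHA256 variable are assumptions; the digest is one you record yourself from a reviewed copy of the installer.

```shell
#!/bin/sh
# Added example, not Pynt's code: refuse to run a downloaded installer unless
# its SHA-256 matches a digest pinned from a copy you have reviewed.

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS/BSD fallback
    fi
}

# verify_installer FILE EXPECTED_HEX: return 0 only on an exact digest match.
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "installer not found: $file" >&2; return 1; }
    # Reject an empty, short, or non-hex pin so a missing variable fails closed.
    case $expected in
        ''|*[!0-9a-f]*) echo "pinned digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 1; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# In the pipeline script, replacing the wget / chmod / ./install.sh lines
# (verify_installer.sh and PYNT_INSTALLER_SHA256 are hypothetical names):
#   . ./verify_installer.sh
#   wget -O install.sh https://cdn.pynt.io/binary-release/install.sh
#   verify_installer install.sh "$PYNT_INSTALLER_SHA256" || exit 1
#   sh ./install.sh
```

A pinned digest has to be updated whenever a new version of the installer is published, so a mismatch in CI is a prompt to review the new file before re-pinning.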
Controlling the return code from Pynt
pynt newman and pynt command support an optional flag --severity-level to control CI behavior when findings are detected.
This flag determines when Pynt will return a non-zero exit code and break the pipeline:
Allowed values: 'all', 'medium', 'high', 'critical', 'none' (default)
Example:
pynt command --cmd "node your-playwright-script.js" --severity-level critical
This will break the CI pipeline only if Pynt detects findings of critical severity.
💡 Need Help?
For questions or troubleshooting:
Visit the Pynt CLI Troubleshooting Guide
Ask the community at Pynt Community Support