Connecting Vanta to Bitbucket enables Vanta to automatically read data from your Bitbucket workspace to support compliance monitoring and evidence collection. This integration helps ensure your engineering practices are continuously monitored as your Bitbucket environment changes over time.
Once connected, Vanta continuously pulls information about your repositories and workspace settings to assess controls related to source code management, including repository inventory, access, and security settings, without requiring manual uploads.
Connect the integration
To link Bitbucket successfully with Vanta:
Open the Integrations page.
Select the Available tab, then search for Bitbucket.
Click Connect.
Verify that you are an administrator of the Bitbucket team housing your company's codebase. Once that is confirmed, click the Connect Bitbucket button.
You will be taken to a sign-in page. Enter your Bitbucket credentials to continue.
If you are already signed in, this page will not appear.
If this is your first time connecting Bitbucket to Vanta, you will be asked to grant Vanta access to your Bitbucket account after you sign in.
If you are reconnecting after deleting the integration, you will not be asked for access again. Vanta should already have access, and you will be automatically redirected back to the Connections page.
Once access is granted, you will be redirected to the Connections page, where you must select a workspace. A workspace is where the repositories that Vanta will monitor exist. Read more about workspaces here.
Once a workspace is selected and the correct permissions exist, you should see a green checkbox with a checkmark at the top right of the page stating "Set the workspace to [Workspace Name]".
Permissions
Vanta requires read access to your Bitbucket account information, team membership, repositories, issues, and pull requests for compliance monitoring.
To evaluate branch protection settings, Vanta also requires administrator permissions on repositories, as Bitbucket does not currently offer a read-only permission for this capability.
Troubleshooting FAQ
Why is my MFA test failing?
This occurs when a user has enabled Atlassian MFA instead of Bitbucket MFA. Vanta’s Bitbucket integration specifically checks for Bitbucket MFA, and Atlassian MFA is not currently supported for this test.
To resolve this issue, verify that MFA is enabled directly in Bitbucket:
Go to your Bitbucket account settings.
Under Settings, select Personal settings.
Under Security, choose Two-step verification.
Turn on two-step verification/MFA.
Why aren’t my repositories showing up in Vanta?
This usually occurs when the Bitbucket account used to connect the integration does not have the required administrator permissions at the workspace level. Even if the connection appears successful, repositories may not populate in Vanta without sufficient permissions.
Why am I seeing “We’re having some trouble getting data”?
This error indicates that Vanta is unable to fetch data from your Bitbucket workspace. The most common cause is missing or insufficient workspace or repository administrator permissions for the connected account.
Why am I getting 404 errors?
In some cases, Bitbucket may return 404 errors for repositories that still appear to exist. This is a known Bitbucket issue that can occur when a repository is queued for deletion but the deletion does not complete, which can cause fetch failures in Vanta.
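The three fetch problems above (repositories not appearing, "trouble getting data", and 404s) can be told apart by reading the workspace the same way the integration would. The script below is an added example, not Vanta's code or part of the original article; it assumes the Bitbucket Cloud REST API 2.0 repository listing and branch-restrictions endpoints, takes a hypothetical `get(url)` callable that returns `(status, json)` for the connected account, and runs here against constructed responses for a made-up workspace `acme`.

```python
API = "https://api.bitbucket.org/2.0"

# FAQ cause for each HTTP status returned by the branch-restrictions read.
CAUSES = {
    200: "ok",
    403: "connected account lacks repository administrator permission",
    404: "listed repository returns 404: possibly queued for deletion",
}

def list_repos(workspace, get):
    """Follow the paginated repository listing; return (status, [slug, ...])."""
    url, slugs = f"{API}/repositories/{workspace}", []
    while url:
        status, body = get(url)
        if status != 200:
            return status, slugs
        slugs += [repo["slug"] for repo in body.get("values", [])]
        url = body.get("next")  # absent on the last page
    return 200, slugs

def triage(workspace, get):
    """Map each repository (or the workspace itself) to a likely FAQ cause."""
    status, slugs = list_repos(workspace, get)
    if status != 200:
        return {"(workspace)": f"listing failed with HTTP {status}: check workspace permissions"}
    if not slugs:
        return {"(workspace)": "no repositories visible: check workspace administrator permission"}
    report = {}
    for slug in slugs:
        # Reading branch restrictions needs admin rights on the repository.
        status, _ = get(f"{API}/repositories/{workspace}/{slug}/branch-restrictions")
        report[slug] = CAUSES.get(status, f"unexpected HTTP {status}")
    return report

# Constructed responses (not real data): two pages of repositories, one
# readable, one without admin rights, one that is listed but answers 404.
FAKE = {
    f"{API}/repositories/acme": (200, {"values": [{"slug": "web"}, {"slug": "infra"}],
                                       "next": f"{API}/repositories/acme?page=2"}),
    f"{API}/repositories/acme?page=2": (200, {"values": [{"slug": "legacy"}]}),
    f"{API}/repositories/acme/web/branch-restrictions": (200, {"values": []}),
    f"{API}/repositories/acme/infra/branch-restrictions": (403, {}),
}

def fake_get(url):
    return FAKE.get(url, (404, {}))

if __name__ == "__main__":
    for name, cause in triage("acme", fake_get).items():
        print(f"{name}: {cause}")
```

To run it against a real workspace, replace `fake_get` with a function that performs an authenticated GET as the account used to connect the integration.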
Why aren’t project-level branch permissions showing?
Bitbucket’s API does not currently support determining whether a repository has inherited branch permissions from the project level. As a result, project-level branch permissions may not appear for individual repositories when accessed through the API.
This is a known limitation in Bitbucket. You can learn more in this Bitbucket Community post and track the issue in Atlassian’s public Jira ticket:
