StackShield + Bitbucket Pipelines: Laravel Security in Your CI/CD
Integrate StackShield scans into Bitbucket Pipelines. Run automated security checks on your Laravel app with every deployment.
Add StackShield security scanning to your Bitbucket Pipelines to automatically verify your Laravel application security as part of your build and deployment process. By adding a scan step to your bitbucket-pipelines.yml, you can trigger a StackShield scan after deployment and gate releases based on the results. This integration works with Bitbucket branch pipelines, pull request pipelines, and custom pipelines.
Features
- Add a StackShield scan step to your Bitbucket Pipelines configuration with a simple script command
- Fail builds when StackShield detects critical security misconfigurations in your deployed Laravel app
- Use repository variables to securely store your StackShield API token and trigger URL
- Run scans as part of pull request pipelines to check security before merging
Setup Guide
1. Generate a StackShield API Token
   In your StackShield dashboard, navigate to Settings and then API. Generate a new API token and copy both the token and the site-specific trigger URL.
2. Add Repository Variables in Bitbucket
   Go to your Bitbucket repository settings, then Repository variables. Add STACKSHIELD_API_TOKEN (mark it as secured) and STACKSHIELD_TRIGGER_URL. These will be available in your pipeline steps.
3. Add the Scan Step to bitbucket-pipelines.yml
   Add a new step after your deployment step that uses cURL to call the StackShield trigger endpoint. Pass the API token in the Authorization header. The response contains scan results in JSON format.
4. Parse Results and Set Exit Code
   Use a script to parse the JSON response and exit with a non-zero code if critical findings are present. This causes the pipeline step to fail, which can block the deployment or notify your team.
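One way to write the parsing script from step 4, as an added example that is not StackShield's own code. This page does not document the response schema, so the field names status, findings, severity and title, the file name gate.py and the exit codes are assumptions to adapt to the real response. The script fails closed: an empty body (for example after a cURL timeout), a non-JSON body or an incomplete scan fails the step instead of passing it.

```python
"""Gate a pipeline step on a StackShield scan response (added example).

ASSUMED response shape, not documented on this page:
  {"status": "completed", "findings": [{"severity": "critical", "title": "..."}]}
Adjust the field names to match the real API response.
"""
import json
import sys

BLOCKING = {"critical"}  # severities that fail the build


def gate(raw_body):
    """Return (exit_code, reason). Any response we cannot interpret fails closed."""
    if not raw_body.strip():
        return 2, "empty response (curl timeout or network error)"
    try:
        doc = json.loads(raw_body)
    except json.JSONDecodeError:
        return 2, "response is not JSON (proxy or error page?)"
    if not isinstance(doc, dict) or doc.get("status") != "completed":
        return 2, "scan did not complete"
    findings = doc.get("findings")
    if not isinstance(findings, list) or not all(isinstance(f, dict) for f in findings):
        return 2, "findings missing or malformed"
    blocking = [f for f in findings
                if str(f.get("severity", "")).lower() in BLOCKING]
    if blocking:
        titles = ", ".join(str(f.get("title", "untitled")) for f in blocking)
        return 1, f"{len(blocking)} critical finding(s): {titles}"
    return 0, f"no critical findings ({len(findings)} total)"


# Constructed sample responses for a local run (not real scan output).
SAMPLE_CLEAN = '{"status": "completed", "findings": [{"severity": "low", "title": "Missing header"}]}'
SAMPLE_CRITICAL = '{"status": "completed", "findings": [{"severity": "critical", "title": "Debug mode enabled"}]}'

if __name__ == "__main__":
    # In the pipeline step: curl --max-time 120 ... "$STACKSHIELD_TRIGGER_URL" | python3 gate.py
    # The pipe hides curl's own exit status, so the empty-body check above covers timeouts.
    code, reason = gate(sys.stdin.read())
    print(f"StackShield gate: {reason}", file=sys.stderr)
    sys.exit(code)
```

Exit code 1 means critical findings were reported and 2 means the result could not be trusted, so the two cases can be told apart in the pipeline log.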
Ideal Use Case
Bitbucket Pipelines integration is ideal for teams using the Atlassian ecosystem (Bitbucket, Jira, Confluence). By adding StackShield scans to your pipelines, you create an automated security gate that works alongside your existing Atlassian workflow. Combined with Jira issue creation via webhooks, you can automatically create tickets for security findings and track remediation progress in the same tools your team already uses.
Frequently Asked Questions
Can I use Bitbucket Pipes for the integration?
StackShield provides a standard API endpoint that works with a cURL command in a script step. You do not need a custom Bitbucket Pipe, though you could create a reusable YAML anchor or custom pipe for convenience across multiple repositories.
Does this work with Bitbucket deployment environments?
Yes. You can configure different StackShield trigger URLs for different deployment environments (staging, production) and run the appropriate scan based on which Bitbucket deployment environment the pipeline is targeting.
How do I handle scan timeouts in the pipeline?
Set a reasonable timeout on your cURL command (for example, 120 seconds) and handle the timeout case in your script. You can also use the asynchronous trigger mode and poll for results with a short retry loop.