Overview

Scrut integrates with Bitbucket using secure API or OAuth authentication to ingest repository configurations, user access mappings, branch policies, CI/CD pipeline activity, deployment metadata, and repository ownership mapping. The integration collects pull-request reviews and audit logs, enabling automated change-management evidence, streamlined access reviews, and centralized source-code compliance within Scrut’s GRC platform.

Why Connect

• Prove MFA, repo visibility, and branch protections are enforced
• Provide auditors with change management and access review evidence
• Eliminate manual repo checks with auto-collected security settings.

Supported Automated Tests

Scrut provides pre-built automated tests for Atlassian Bitbucket. Here are a few examples of Scrut’s Atlassian Bitbucket tests:

• Access reviews completed for all in-scope applications
• Atlassian Bitbucket accounts associated with users
• Atlassian Bitbucket accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Atlassian Bitbucket. Here are a few examples of Scrut’s Atlassian Bitbucket-driven evidences that can be collected:

• Offboarding - Logical Access & Physical Access Revocation
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service
• Enabled Multi-Factor Authentication
• Documented Asset Inventory and Review Dates
• Geolocation Requirements for Processing, Storage and Service Locations.
• Production Data not for Testing
• Separation of Development, Test and Production Environment