This blog is part of our series on how to use Atlassian features, automations, and integrations to take time back to ship better code, faster. Click here for the full list of 12+ new features or follow us on Twitter to stay up-to-date!
Development teams that 'shift left' focus on quality and identifying issues before they become a problem. It's useful to ensure customers don't experience any unexpected outages or vulnerabilities, but results in key information about code siloed away in disparate analysis tools like security scanners, testing, and monitoring tools. As the tools pile on, they add friction to a team's development and review process, slowing down their workflow.
Code Insights for Bitbucket Cloud brings key information from your favorite security, testing, and monitoring tools into the pull request view, giving reviewers insights into code quality and alerting them of issues without having to context switch to discover them. These insights help reviewers identify and address issues and provide them greater confidence to approve changes, faster.
We know that there's no one-sized-fits-all approach to DevOps. That's why we're empowering development teams to choose the right mix of DevOps tools that work best for them.
Security
Code Insights provides visibility into security vulnerabilities and code quality as part of the code review process, all within Bitbucket's UI. For example with Snyk's integration, whenever a new pull request is created a scan for possible vulnerabilities and license issues is automatically conducted, with detailed annotations shown next to anything it finds.
This allows teams to take fast, effective, and data-informed remediation steps, all before code hits production.
Code Insights isn't limited to helping detect open source vulnerabilities either. Bridgecrew scans infrastructure-as-code files and orchestration frameworks like Kubernetes, Terraform, and CloudFormation for misconfigurations and policy violations, giving developers insights into cloud security issues within the pull request view.
Read more about other security-focused Code Insights integrations:
Monitoring
Error monitoring tools surface runtime errors and/or crashes within your application, helping developers diagnose, fix, and optimize the performance of their code. With Sentry's integration with Code Insights, teams can get ahead of errors in releases, watch out for errors on changed files, and view suspect commits on a given error.
And all it takes is four lines of code to set up Sentry to automatically run whenever someone opens a pull request.
Read more about Sentry's error monitoring integration with Bitbucket here.
Testing
Last but most certainly not least, Code Insights helps bring integrated, automated testing from CI/CD directly into Bitbucket's pull request view. Mabl's integration tests builds for visual, functional, and performance regressions automatically with every deployment, and results displayed in Bitbucket's UI. This helps teams catch issues earlier in the development cycle and automatically make informed decisions based on individual test output.
Read more about mabl's Code Insights integration here.
An easier, automated way to shift left
Code Insights for Bitbucket Cloud helps reviewers automatically identify and address issues with a pull request, allowing them to make fast, confident, and informed decisions about code changes right within Bitbucket's UI. We're proud to partner with industry leaders in the security, monitoring and testing space to help teams ship quality code fast, and look forward to working with more of your favorite tools in the future.