Security for Bitbucket now detects scans performed with old settings

In earlier versions of Security for Bitbucket, a branch was considered “Up to date” if the latest commit was scanned, even if the scan rules had changed since the scan was performed. Our customers brought to our attention the use case of rolling out a new global rule, or modifying an existing rule — and we listened.

Starting with Security for Bitbucket 3.14.0, updates to global settings are reflected in the scan results. Branches are now marked as “Settings Changed” instead of “Up to Date” if any of the following has occurred since the branch was scanned:

  • Any rule has been enabled or disabled.
  • A custom rule has been edited.
  • A new custom rule has been added.

Repository statistics count these branches as “Outdated”, and project statistics change accordingly. This way, users have a more accurate picture of the status of their scans relative to the latest enabled rules. Out-of-date branches can then be re-scanned using the “Scan” option in the global dashboard; no need for a “Force rescan”.

Note that branches with non-reviewed findings will continue to be reported as “Vulnerable” in the global dashboard after a settings change. For full details, reference our documentation.

Both branches were scanned, but only feature-branch was re-scanned after a global settings change.

When Security for Bitbucket 3.14.0 is first installed, any branches that were reported as “Up to Date” before the upgrade are treated as up to date with the current settings, since settings versioning did not exist in earlier versions and there is no earlier settings version to compare against. Branches are only marked “Settings Changed” once a rule change is made after the upgrade.
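To make the mechanism concrete, here is a small Python model of settings-versioned scan status. It is written for this post and is not Security for Bitbucket's own code: each scan stores a fingerprint of the rule set it ran under, and the statuses described above (“Up to Date”, “Settings Changed”, “Outdated”, “Vulnerable”) are derived by comparing that stored fingerprint with the fingerprint of the current rules. The rule ids, patterns, branch names and commit hashes are made up, and treating a branch with new commits as “Outdated” before checking for unreviewed findings is an assumption the post does not specify.

```python
"""Toy model of settings-versioned scan status (illustrative, not the product's code)."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

UP_TO_DATE = "Up to Date"
OUTDATED = "Outdated"
SETTINGS_CHANGED = "Settings Changed"
VULNERABLE = "Vulnerable"


@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: str   # the regex the scanner applies; built-in rules keep a fixed pattern
    enabled: bool


def settings_fingerprint(rules: List[Rule]) -> str:
    """Digest of everything that can change a scan's outcome.

    A rule being enabled or disabled, a custom rule's pattern being edited, or a
    new custom rule being added (a new id) all change the digest. Sorting makes
    the digest independent of the order in which rules are listed.
    """
    material = sorted((r.rule_id, r.enabled, r.pattern) for r in rules)
    blob = json.dumps(material, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class ScanRecord:
    commit: str
    settings_fp: Optional[str]   # None for scans recorded before versioning existed
    unreviewed_findings: int = 0


@dataclass
class Branch:
    name: str
    head: str
    last_scan: Optional[ScanRecord] = None


def record_scan(branch: Branch, rules: List[Rule], unreviewed_findings: int = 0) -> None:
    """Store the scan result together with the fingerprint of the rules it ran under."""
    branch.last_scan = ScanRecord(branch.head, settings_fingerprint(rules), unreviewed_findings)


def baseline_unversioned_scans(branches: List[Branch], rules: List[Rule]) -> None:
    """Install-time migration: scans that predate versioning are treated as current."""
    fp = settings_fingerprint(rules)
    for b in branches:
        if b.last_scan is not None and b.last_scan.settings_fp is None:
            b.last_scan.settings_fp = fp


def branch_status(branch: Branch, rules: List[Rule]) -> str:
    scan = branch.last_scan
    if scan is None or scan.commit != branch.head:
        return OUTDATED          # never scanned, or new commits since the last scan
    if scan.unreviewed_findings > 0:
        return VULNERABLE        # unreviewed findings win even after a settings change
    if scan.settings_fp != settings_fingerprint(rules):
        return SETTINGS_CHANGED  # scanned with rules that have since changed
    return UP_TO_DATE


def needs_rescan(branches: List[Branch], rules: List[Rule]) -> List[str]:
    """Branches the dashboard counts as outdated: stale commits or stale settings."""
    return [b.name for b in branches
            if branch_status(b, rules) in (OUTDATED, SETTINGS_CHANGED)]


if __name__ == "__main__":
    # Constructed scenario mirroring the screenshot: both branches scanned, a custom
    # rule edited, then only feature-branch re-scanned.
    v1 = [Rule("aws-access-key", r"AKIA[0-9A-Z]{16}", True),
          Rule("custom-api-token", r"tok_[a-z0-9]{20}", True)]
    main = Branch("main", "a1b2c3d")
    feature = Branch("feature-branch", "d4e5f6a")
    record_scan(main, v1)
    record_scan(feature, v1)
    v2 = [v1[0], Rule("custom-api-token", r"tok_[a-z0-9]{24}", True)]  # custom rule edited
    record_scan(feature, v2)
    for b in (main, feature):
        print(f"{b.name}: {branch_status(b, v2)}")
    print("needs rescan:", needs_rescan([main, feature], v2))
```

Only the fingerprint is stored per scan, so checking a branch costs one hash of the current rule set rather than a diff of rule histories; the trade-off is that any change to a rule, including a no-op edit that leaves the pattern identical, is detected only if it alters the hashed material.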

As always, please reach out with questions, bug reports, and suggestions in our support portal.
