# Bitbucket Data Center

### Overview

The Veza integration for Bitbucket Data Center enables the discovery of Users, Groups, Projects, and Repositories within the self-managed version control system. After enabling the integration, you can:

* Review user access to Bitbucket at the group, project, or repository level.
* Correlate local Bitbucket users with external users to understand how federated identities can access resources in Bitbucket, including public repositories.
* Configure insights, rules, and actions to understand and manage access risks, based on any attributes Veza has discovered, such as activity or last login.

This document provides steps to enable the integration. See [Notes and Supported Entities](#notes-and-supported-entities) for more information.

> For Bitbucket Cloud, see the [Atlassian Cloud Connector](/4yItIzMvkpAvMVFAamTf/integrations/integrations/atlassian.md#bitbucket-cloud).

### Configuring Bitbucket Data Center

Requirements:

* Veza requires authorization to call the Bitbucket REST API to collect authorization metadata. You will need an admin username and password to fully gather global and group permissions.
* An Insight Point is recommended for secure communication with the Bitbucket Data Center host.
* Veza must be able to access the Bitbucket Data Center host to perform API calls. To achieve this, you can install an [Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md) or [allow inbound traffic from Veza in your firewall rules](/4yItIzMvkpAvMVFAamTf/integrations/connectivity.md).

#### Recommended configuration: username and password

For full discovery, the integration calls the Bitbucket Admin API as an admin user, configured for username and password authentication.

1. Create a new Bitbucket user with Admin privileges.
   * Ensure two-factor is disabled.
   * Set a strong password for the user.
   * Specify the username and password during configuration.

See [Users and Groups: Creating a User](https://confluence.atlassian.com/bitbucketserver/users-and-groups-776640439.html) for more details.

#### Alternate configuration with a Personal Access Token

The integration can optionally authenticate with a Personal Access Token for an admin user. With a personal access token, the integration will not discover global permissions for Bitbucket, and project permissions for groups will contain nested group members.

See [Personal Access Tokens](https://confluence.atlassian.com/bitbucketserver076/personal-access-tokens-1026534797.html) to create a token.

### Configure the Veza integration for Bitbucket Data Center

To enable the integration and queue the first extraction:

1. In Veza, go to **Integrations**.
2. Click *Add Integration* and pick Bitbucket Data Center as the type of integration to add.
3. Enter the required information and *Save* the configuration.

| Field              | Notes                                                                                              |
| ------------------ | -------------------------------------------------------------------------------------------------- |
| Insight Point      | Choose an Insight Point to use for discovery.                                                      |
| Name               | A friendly name to identify the unique integration.                                                |
| Host URL           | Full URL used to access Bitbucket, such as `https://bitbucket.mycompany.com`.                      |
| Only Used Groups   | Check this box to only process Groups used by Bitbucket Users.                                     |
| Username           | Username for authentication. Leave blank if using a Personal Access Token.                         |
| User Secret        | The password or Personal Access Token for authentication.                                          |
| Project Allow List | List of Project keys to include for discovery. When enabled, projects not on the list are skipped. |
| Project Deny List  | List of Project keys to exclude from discovery.                                                    |

Some Bitbucket LDAP configurations can unnecessarily result in discovery of all LDAP groups. Use the *Only Used Groups* option to prevent discovering all groups.

> Note: The Project Allow and Deny lists match on the Project's Key. This is generally the last part of the URL when browsing to the Project.
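
A pre-flight check for the Host URL, Username, and User Secret values before saving the integration, added here as an example and not Veza's own code: it sends one request to Bitbucket's `/rest/api/1.0/admin/permissions/users` REST resource and reports whether the account authenticates and holds Admin rights. The choice of endpoint, the HTTPS-only rule, and the function names are assumptions of this example; this page does not state which endpoints the integration calls.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed check endpoint: lists users holding global permissions (needs ADMIN).
# Which endpoints the integration itself calls is not stated on this page.
ADMIN_CHECK_PATH = "/rest/api/1.0/admin/permissions/users?limit=1"


def build_request(host_url, secret, username=""):
    """Build the check request: Basic auth with a username, Bearer (token) without."""
    parts = urlsplit(host_url)
    # Reject malformed values such as "https:/host" and plain-HTTP URLs, since
    # the admin credential travels in the Authorization header (example policy).
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"Host URL must be a full https:// URL, got {host_url!r}")
    if username:
        token = base64.b64encode(f"{username}:{secret}".encode()).decode()
        auth = f"Basic {token}"
    else:
        auth = f"Bearer {secret}"
    req = urllib.request.Request(host_url.rstrip("/") + ADMIN_CHECK_PATH)
    req.add_header("Authorization", auth)
    req.add_header("Accept", "application/json")
    return req


def classify(status):
    """Map the HTTP status of the admin call to an operator-facing result."""
    if status == 200:
        return "ok: account can read global permissions"
    if status == 401:
        return "auth failed: check the username and secret"
    if status == 403:
        return "authenticated, but the account lacks Admin privileges"
    return f"unexpected status {status}: check the Host URL and network path"


def preflight(host_url, secret, username="", timeout=10):
    """Run the check against a live host, from the network Veza will connect from."""
    req = build_request(host_url, secret, username)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code)
```

Call `preflight("https://bitbucket.mycompany.com", secret, username)` with the service account's values; leave `username` empty when testing a Personal Access Token.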

### Notes and Supported Entities

Veza uses the standard application template to model the following entities and properties within Bitbucket:

* Bitbucket Data Center Workspace → Application
* Bitbucket Data Center Project → Project Resource
* Bitbucket Data Center Repository → Repo Resource
* Bitbucket Data Center Group → Local Group
* Bitbucket Data Center User → Local User
* Bitbucket Data Center User Role → Local Role
* Bitbucket Data Center Permission → Local Permission

#### Bitbucket Data Center User

An individual account within the Bitbucket Data Center environment, who can access and interact with the Bitbucket instance. This includes managing personal settings and cloning, committing, and reviewing code.

Users can be assigned permissions on resources directly, or by group membership. See [Global Permissions: User and Group Access](https://confluence.atlassian.com/bitbucketserver/global-permissions-776640369.html) for more details.

| Attribute       | Description                                |
| --------------- | ------------------------------------------ |
| `id`            | User Id                                    |
| `email`         | User's email address                       |
| `name`          | User's login name                          |
| `display_name`  | User's display name                        |
| `is_active`     | True if user is an active user, else False |
| `last_login_at` | User last login time                       |
| `type`          | Account type as reported by Bitbucket      |

#### Bitbucket Data Center Group

A collection of users in Bitbucket Data Center, used to assign the same set of permissions to multiple users. Groups can be used to manage repository access, project roles, and other collaborative settings efficiently.

| Attribute   | Description                         |
| ----------- | ----------------------------------- |
| `id`        | Group Id                            |
| `name`      | Group name                          |
| `is_active` | True if group is active, else False |

#### Bitbucket Data Center Project

A top-level organizational unit used to group related repositories for management and access control. Project-level settings and permissions can apply to all child repositories. Projects typically organize repositories logically by department, team, or specific initiatives.

| Attribute   | Description                        |
| ----------- | ---------------------------------- |
| `id`        | Project Id                         |
| `name`      | Project name                       |
| `is_public` | True if Project is marked "Public" |

#### Bitbucket Data Center Repository

Repositories are fundamental units within Bitbucket where actual development work is tracked and managed, containing files, commit history, branches, and tags associated with a project's codebase. Users can interact with repositories by cloning, forking, committing, and pushing changes.

| Attribute     | Description                       |
| ------------- | --------------------------------- |
| `id`          | Repository Id                     |
| `name`        | Repository name                   |
| `slug`        | Repository slug                   |
| `is_public`   | True if repo is marked "Public"   |
| `project_key` | Project key repository belongs to |


