Skip to main content

About Bitbucket Cloud

The Bitbucket Cloud connector collects repository, workspace, project, and team metadata your audits expect around change management and access reviews. Iru authenticates with HTTP Basic Auth: your Atlassian account email as the username and an Atlassian API token as the password (plain passwords are rejected).

How It Works

Clients send Base64-encoded credentials: 
Authorization: Basic base64(email:api_token)
Atlassian is deprecating app passwords - create API tokens for new work and migrate anything still using legacy secrets before they sunset.
DetailValue
CategoryDeveloper tools
AuthenticationBasic auth (email + API token)
Documentation: Manage API tokens, Bitbucket API tokens, REST intro.

Prerequisites

  • Access to Bitbucket workspaces you expect evidence from.
  • Permission to create API tokens on your Atlassian ID.

Connect Bitbucket Cloud to Iru

Complete this tab before you connect the source in Compliance.
1

Open Atlassian account settings

While signed in to Bitbucket Cloud (or any Atlassian app in the same Atlassian account), select your profile icon, then Account settings (sometimes labeled Atlassian account).
2

Open Security and API tokens

Choose Security, then Create and manage API tokens (wording may read API tokens).
3

Create a scoped API token

Select Create API token with scopes (or the closest equivalent). You are creating an Atlassian API token Bitbucket will accept for Basic auth in Iru.
4

Configure the token

Give the token a label (for example Iru Compliance). Choose an expiry (tokens last up to 365 days). Grant read scopes on repositories, workspaces, and teams so they align with what your controls reference.
5

Copy the token

Create the token and copy the value immediately; Atlassian shows it once. You will use it with your Atlassian email in Iru’s Submit Credentials step.
Continue on the Iru Compliance tab.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Use email + API token, not Bitbucket username and not your Atlassian password.
Mint a new token under Account settings and update Iru.
Ensure the Atlassian account belongs to every workspace you expect data from.
Replace with API tokens - app passwords are deprecated.

Considerations

Tokens expire: calendar reminders prevent silent…

Tokens expire - calendar reminders prevent silent outages.

Read scopes keep Iru from mutating repos or pull…

Read scopes keep Iru from mutating repos or pull requests.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.