Getting high-quality feedback early on in your development process is critical; the earlier you can detect bugs or other issues, the cheaper and faster it is to fix them. CI systems and other analysis tools – static code analyzers, testing tools, security scanners, artifact repositories – can provide useful information about a code base as it evolves, but it’s siloed within these tools.

Code Insights for Bitbucket Server offers a better way for your team to gain insights for progressively improving code quality. Code Insights allows these tools to surface the insights about code quality in the pull requests, so issues related to code quality can be viewed and acted upon during the normal code review process. You can see the quality reports sent by different tools showing a summary of analysis and code annotations to help you to identify and address dependency vulnerabilities, code smells, and much more – faster.

If you want to see all that Code Insights can do for you and your team, read on to learn how our partners have improved their integrations with Bitbucket to give you a better developer experience.

Code annotations on a pull request in Bitbucket Server
Code annotations on a pull request in Bitbucket Server

Ready to take it for a spin? Code Insights is available in our latest release, Bitbucket Server, or Data Center 6.4.

Read on to learn about a few of our partners who are providing a better experience for developers using their new integrations with Bitbucket Code Insights.

SonarQube

The SonarQube Developer Edition lets development teams track code quality across all feature and maintenance branches, preventing bugs and vulnerabilities from flowing downstream. SonarQube’s integration automatically comments on pull requests, allowing developers to detect, understand, and fix any new bug or vulnerability before even merging their code.

screenshot of SonarQube code quality report

Mibex

Mibex’s Code Review Assistant for Bitbucket Server improves the code review experience by integrating static code analysis, bug prediction, pull request templates, and source code lookup. Using Code Insights, Mibex offers detailed results from code review analysis tools and reports violations with code annotations in the pull request.

screenshot of Mibex code quality report

JFrog

Using Code insights, the JFrog integration allows CI tools to annotate pull requests with information about and access to the related artifacts in Artifactory, along with security and license scanning results from Xray.

screenshot of JFrog annotated pull request

Sonatype

Sonatype’s Nexus Notifier tackles the growing challenge of open source governance during development cycles. With their upcoming integration with Bitbucket Server’s Code Insights, developers can use results from Sonatype’s automated policy engine to drive pull request discussions. To take full advantage of Nexus Notifier for Bitbucket Server, use it in combination with Sonatype’s Nexus Notifier plugin for Jenkins.

screenshot of Sonatype Nexus Lifecycle report

Snyk

Find, fix, and prevent vulnerabilities in your open source dependencies with Snyk. Snyk’s pull requests can automate fixes via upgrades or precision patches. Using Code Insights, the Snyk integration gives you line-level vulnerability annotations, increasing visibility and empowering you to make more informed decisions.

screenshot of Snyk code quality report

Whitesource

WhiteSource’s Bitbucket integration alerts developers within the Bitbucket UI on open source vulnerabilities and automatically generates fix pull requests to help speed up the remediation process. The integration detects open source components in each repository; alerts on vulnerable components; initiates automated workflows; and, combined with Code Insights for Bitbucket Server, adds security vulnerability annotations for every pull request.

screenshot of WhiteSource code quality report

Bamboo

In Bamboo 6.7, we introduced the Build warnings parser task, which scans build logs and output files for compiler warnings. Associating these warnings with Code Insights allows your build warnings to be aggregated and reported directly into the Bitbucket repositories.

screenshot of Bamboo code quality report

And so much more

How to choose the right DevOps tools

It’s easy to develop your own integration with developer tools to send Code Insights. Just follow our simple how-to guide and tutorial.

Whether your team is going through a DevOps transformation or you’re just looking for a way to incorporate more DevOps principles into your daily workflow, Code Insights will help you improve code quality and reduce the time it takes to merge pull requests. Early on in your DevOps journey? Check out our webinar for tips and tricks.

Interested in more details from the Bitbucket Server 5.15 release? Read more in our release notes.

Shift left to pull requests with Code Insights for...