Before adopting Bitbucket Pipelines, Fresh Consulting was doing manual testing for all their projects. As the company grew, they began to feel the pain of manual testing taking up more and more valuable developer time. They looked for a lightweight continuous integration (CI) solution to give them the benefits of automated testing without the overhead of managing a build server. The team also wanted to enforce coding standards to ensure consistency across projects, but found other tools hard to manage across the hundreds of repositories they used. When Bitbucket launched Pipelines in 2016, Fresh Consulting was one of the first organizations to get on board.
"Setting up Bitbucket Pipelines was very easy," says Steve Hulet, co-founder and CTO of Fresh Consulting. To scale up, the engineers simply copied the Pipelines YAML file to a new project. Bitbucket Pipelines helped Fresh Consulting improve their testing automation, code standardization, and security problem detection without the overhead of setting up a complex CI tool. Fresh Consulting was able to roll out a continuous integration process for their projects in days rather than weeks.
With Pipelines, Fresh Consulting realized the power of an integrated CI tool in Bitbucket that just works. "We push the code to Bitbucket, then Pipelines runs the tests, and lets us know if there's any problem, all automatically," says Steve. "We do that on every commit, every push. If a deployment is going to fail, the sooner we fix it, the less expensive it is. Our development process is speeding up in a way wouldn't happen without Bitbucket Pipelines' automation."
Bitbucket Pipelines has also helped to enforce the team's coding standards. Steve explains, "If anyone forgets a requirement, they will be warned via email that their code won't pass unless they correct the problem. With Pipelines, our developers recognized the value of the standards and began to follow them."
Fresh Consulting also found Bitbucket Pipelines useful for detecting security vulnerabilities. "We use it to automatically scan code, check for SQL injection vulnerabilities, cross-site request forgery problems and violations of the WCAG accessibility standard," says Steve. They also check for published security vulnerabilities by scanning and comparing the plug-ins and third-party code.