The FOSSA Developer Hub

Welcome to the FOSSA developer hub. You'll find comprehensive guides and documentation to help you start working with FOSSA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Bitbucket Server (Stash)

This guide is for your Bitbucket Server/Atlassian Stash admin to set up FOSSA On-Prem's access to your internal code. Note: This was written for Bitbucket Server v4.0.6+

Set up Application Link

You first need to add an application link so that users with a login on Bitbucket Server can view their projects through FOSSA.

  1. Navigate to your local Bitbucket Server > Settings > Application Links.
  1. Create an Application Link to FOSSA's internal IP
Fill in "fossa" for all options:
  1. Go to the new link and Edit > Incoming Authentication
  1. Fill in the following settings and hit "Save" (leaving the rest blank):

    Consumer Key: fossa

    Consumer Name: fossa

    Public Key:


Now users can successfully connect their Bitbucket Server accounts with FOSSA.

Add 'fossabot'

FOSSA currently requires a companion bot account on your Bitbucket Server instance with global read access to analyze all internal repositories. This will be replaced in future updates, but is currently required for FOSSA to fetch code.

  1. Add fossabot user to Bitbucket Server

    Go to Settings > Accounts > Users > Create User.

For username/password, use the bitbucket_server__credentials config in FOSSA's config.env (default below):

  1. Ensure fossabot has global read access

    fossabot needs to be able to clone any repository in your instance of Bitbucket Server. The easiest way of doing this is giving the account admin privelages in Settings > Accounts > Global Permissions:

If you need to custom-configure a role for `fossabot`, make sure the account still has global read afterwards (i.e. try cloning repos across different projects as `fossabot`).

Now you should be all set up! Users on FOSSA should be able browse and import their repositories on Bitbucket Server through Bulk Import.

NOTE: fossabot is not accessible to average users of FOSSA, but serves as an internal proxy for FOSSA to fetch code. Normal users will only be able to browse and import what they have access to normally through Bitbucket Server.

Configuring FOSSA

If you've set up this configuration before installing FOSSA, you can ignore this step and use the default prompts to complete the FOSSA install.

Otherwise, ensure your config.env file on your FOSSA box has the following entries:

# Replace with your Bitbucket base URL, including protocol

Automatic Updates

After importing, automatic updates need to be configured manually in two places for each imported project.

  1. On FOSSA via Project > Settings > Update Hooks, select "Select Update Method...", choose Webhook and hit Save Changes.

  2. On Bitbucket Server, install (if not done already) the webhooks module and enable them on each imported project. View guide here.

  3. Copy & Paste Webhook Update URL from the first step to the webhooks in Bitbucket under Post-Receive Webhooks > Enable.

If you have any problems, contact support at [email protected] This guide was written for Bitbucket Server v4.0.6+.

Updated 2 years ago

Bitbucket Server (Stash)

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.