TracerOpenSRE queries Bitbucket to retrieve recent commits, file contents, and code search results — helping trace which change in a Bitbucket-hosted repository triggered an incident.Documentation Index
Fetch the complete documentation index at: https://opensre.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
- Bitbucket Cloud account
- App password with repository read access
Setup
Option 1: Interactive CLI
Option 2: Environment variables
Add to your.env:
| Variable | Default | Description |
|---|---|---|
BITBUCKET_WORKSPACE | — | Required. Bitbucket workspace slug |
BITBUCKET_USERNAME | — | Required. Bitbucket username |
BITBUCKET_APP_PASSWORD | — | Required. Bitbucket app password |
Option 3: Persistent store
Creating an app password
- In Bitbucket, go to Personal settings → App passwords
- Click Create app password
- Give it a label (e.g.,
opensre) - Enable the following permissions: Repositories: Read
- Copy the generated password
The workspace slug is the identifier in your Bitbucket URL:
https://bitbucket.org/<workspace>/Investigation tools
When OpenSRE investigates a Bitbucket-related alert, three tools are available:- Commits — retrieves recent commits for a repository, optionally filtered by file path
- File contents — fetches the contents of a file at a specific revision
- Code search — searches code across the workspace or a specific repository
Verify
Troubleshooting
| Symptom | Fix |
|---|---|
| 401 Unauthorized | Check username and app password combination |
| Workspace not found | Verify the workspace slug — it’s case-sensitive |
| 403 Forbidden | Ensure the app password has Repositories: Read permission |
| Code search unavailable | Code search requires a Bitbucket Cloud Standard or Premium plan |
Security best practices
- Use an app password rather than your account password — app passwords can be revoked individually.
- Scope permissions to Repositories: Read only.
- Store credentials in
.env, not in source code.