Bitbucket Server to Snyk Cleanup Tool

This tool helps you identify archived repositories in Bitbucket Server that are also imported into Snyk, and provides options to analyze and delete the corresponding Snyk projects.

Features

• 🔍 Analysis: Find archived Bitbucket repositories and match them with Snyk targets
• 📊 DataFrame Operations: Uses pandas for efficient data manipulation and comparison
• 🗑️ Bulk Operations: Delete multiple Snyk projects that match archived Bitbucket repos
• 🔒 Dry Run Mode: Safe testing without actually deleting anything
• 📝 Detailed Logging: Comprehensive logging for troubleshooting
• 📄 JSON Export: Save analysis results for review

Prerequisites

• Python 3.10.14 or higher
• Access to Bitbucket Server with username/password authentication
• Snyk API token with appropriate permissions
• Required Python packages (see requirements.txt)

Installation

1. Clone the Repository

   git clone <repository-url>
   cd bitbucket-delete-archieved-repos

2. Install Dependencies

   python3 -m venv venv
   source venv/bin/activate  # On Windows: venv\Scripts\activate
   pip install -r requirements.txt

3. Set Environment Variables

   export SNYK_TOKEN="your-snyk-api-token"
   export BITBUCKET_USERNAME="your-bitbucket-username"
   export BITBUCKET_PASSWORD="your-bitbucket-password"  # or app password

Usage

1. Analyze Archived Repositories

Find archived Bitbucket repositories and match them with Snyk targets:

python3 bitbucket_snyk_cleanup.py analyze \
  --bitbucket-url "https://bitbucket.company.com" \
  --bitbucket-username "your-username" \
  --bitbucket-password "your-password" \
  --snyk-org-id "your-snyk-org-id" \
  --output-file "analysis-results.json"

2. List Archived Repositories Only

Get a list of all archived repositories in Bitbucket:

python3 bitbucket_snyk_cleanup.py list-archived-repos \
  --bitbucket-url "https://bitbucket.company.com" \
  --bitbucket-username "your-username" \
  --bitbucket-password "your-password" \
  --output-file "archived-repos.json"

3. Delete Matching Projects (Dry Run)

Preview what would be deleted without actually deleting:

python3 bitbucket_snyk_cleanup.py delete-matching-projects \
  --input-file "analysis-results.json" \
  --dry-run

4. Delete Matching Projects (Execute)

Actually delete the matching Snyk projects:

python3 bitbucket_snyk_cleanup.py delete-matching-projects \
  --input-file "analysis-results.json" \
  --execute

Command Options

Global Options

• --log-level: Set logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
• --snyk-tenant: Snyk tenant URL (default: api.us.snyk.io)

Analyze Command

• --bitbucket-url / -b: Bitbucket Server base URL (required)
• --bitbucket-username / -u: Bitbucket username (required)
• --bitbucket-password / -p: Bitbucket password (required)
• --snyk-org-id / -s: Snyk organization ID (required)
• --output-file / -o: Output file for results (default: bitbucket-snyk-analysis.json)

Delete Command

• --input-file / -i: Input file from analyze command (required)
• --dry-run: Preview deletions without executing (default: True)
• --execute: Actually perform deletions

List Command

• --bitbucket-url / -b: Bitbucket Server base URL (required)
• --bitbucket-username / -u: Bitbucket username (required)
• --bitbucket-password / -p: Bitbucket password (required)
• --output-file / -o: Output file for archived repos (default: archived-repos.json)

Output Format

The analysis command generates a JSON file with the following structure:

{
  "summary": {
    "total_archived_bitbucket_repos": 15,
    "total_snyk_targets": 120,
    "matching_targets": 8,
    "matching_projects": 12
  },
  "archived_repositories": [...],
  "matching_targets": [...],
  "matching_projects": [...]
}

How It Works

1. Connect to Bitbucket Server: Authenticates using username/password
2. Fetch Archived Repos: Retrieves all repositories marked as archived
3. Connect to Snyk: Uses API token to fetch all targets
4. URL Matching: Compares normalized URLs between Bitbucket and Snyk
5. Project Analysis: Finds all Snyk projects associated with matching targets
6. Bulk Operations: Provides safe deletion with dry-run capability

URL Matching Logic

The tool normalizes URLs for comparison by:

• Converting to lowercase
• Removing .git suffixes
• Removing trailing slashes
• Handling different clone URL formats (SSH, HTTPS, HTTP)

Safety Features

• Dry Run by Default: All deletion operations default to dry-run mode
• Confirmation Required: Execute mode requires explicit confirmation
• Detailed Logging: Comprehensive logs for audit trails
• Error Handling: Graceful handling of API errors and network issues

Troubleshooting

Common Issues

1. Authentication Failures

   • Verify Bitbucket credentials are correct
   • Check if account has appropriate permissions
   • Ensure Snyk token has required scopes

2. No Matches Found

   • Check if URLs are being normalized correctly
   • Verify repository names and project keys
   • Review logging output for URL comparison details

3. API Rate Limits

   • The tool includes basic error handling for rate limits
   • Consider running during off-peak hours for large datasets

Debug Mode

Enable debug logging for detailed information:

python3 bitbucket_snyk_cleanup.py analyze \
  --bitbucket-url "https://bitbucket.company.com" \
  --bitbucket-username "your-username" \
  --bitbucket-password "your-password" \
  --snyk-org-id "your-snyk-org-id" \
  --log-level DEBUG

Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

License

[Add your license information here]

Support

For issues and questions:

1. Check the troubleshooting section
2. Review the logs with DEBUG level
3. Create an issue in the repository