Code Insights

Code Insights offers your team a better way to gain insights and improve code quality in the pull requests, so issues related to code quality can be viewed and acted upon during the normal code review process.


The reports feature allows you to send reports to Bitbucket that will be displayed within the app.

If you are a third-party provider, this is a way to get information into a pull request: code coverage, code quality reports, deployment information. It can be anything you want. If you are looking for existing integrations there are a number of existing tools that post reports to Bitbucket Cloud.

Use the reports inside Bitbucket


  • You must have a Bitbucket Cloud account.

  • You must enable the new code review experience by clicking your avatar on the sidebar > Bitbucket Labs > New pull request experience

  • You must have at least a pull request or a pipeline.

  • If you are using pipelines, you have to use an integration. Check the list of available pipes here.

See the reports in the pull requests section

Reports in the pull request view help a reviewer make informed and confident decisions when assessing security and risk when approving and merging code.


  1. Go to your pull request.

  2. You now see a reports section on the right side. This view is available only in the new code review experience.

  3. If you haven’t set up a pipe or an integration, you won’t be able to see any reports. Check the list of available pipes here. Learn how to write a pipe here.

  4. However, if you already have the right configuration, the report will start displaying information in the right-side panel.

See the reports inside the pipeline.


  1. Go to pipelines and select the pipeline you want to see the reports for.

  2. If you haven’t set up a pipe or an integration, you won’t be able to see any reports. Learn how to set a pipe or an integration link.

  3. If you have already set up a pipe or an integration, when you navigate to your pipeline metadata, you will be able to see a new line showing the number of generated reports.

4. Click it to see the detailed reports.

Use the Reports-API to upload reports

Third-party providers also have the option to upload reports directly through the REST-API. Reports are based against a commit.


The full OpenAPI documentation of the REST-API for code reports can be found here.

Reports and Report data

To upload a report, make sure to generate an ID that is unique across all reports for that commit. If you want to use an existing id from your own system, we recommend prefixing it with your system’s name to avoid collisions, for example, mySystem-001

Sample cURL request:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 curl --request PUT '<username>/<reposity-name>/commit/<commit-hash>/reports/mySystem-001' \ --header 'Content-Type: application/json' \ --data-raw '{ "title": "Security scan report", "details": "This pull request introduces 10 new dependency vulnerabilities.", "report_type": "SECURITY", "reporter": "mySystem", "link": "", "result": "FAILED", "data": [ { "title": "Duration (seconds)", "type": "DURATION", "value": 14 }, { "title": "Safe to merge?", "type": "BOOLEAN", "value": false } ] }'


title, details and report_type are the only mandatory fields in the payload. The elements under the data array can be freely defined. They can represent any information you want to communicate to the user. Report data is mandatory and can contain up to 10 elements. The information contained in that array will be displayed at the top of a report along with the other fields in the payload.

The same endpoint can also be used to update existing reports. The URL is also available as a GET and a DELETE endpoint. Once created, a report can be addressed with the generated UUID instead of the external id. Additionally, a GET for …/<commit-hash>/reports without an ID returns all reports belonging to this commit.


Using Bitbucket Pipelines allows you to use the Reports-API without extra authentication. For that you need to send your request through a proxy server that runs alongside with every pipeline on localhost:29418, and a valid Auth-Header will automatically be added to your request. Example:

1 curl --proxy 'http://localhost:29418' --request PUT "$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG/commit/$BITBUCKET_COMMIT/reports/mySystem-001/annotations/mySystem-annotation001"


If you develop a custom pipe you can also use the same proxy server, however, because Pipes are running inside a docker container, the URL is slightly different. Example:

1 curl --proxy 'http://host.docker.internal:29418' --request PUT "$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG/commit/$BITBUCKET_COMMIT/reports/mySystem-001/annotations/mySystem-annotation001"


For calls from outside of Bitbucket please see this page for Authentication. For the Reports-API, you will need to have the Repository: Read scope.

Additional Help

Ask the Community