taudit-parse-bitbucket

Bitbucket Pipelines YAML parser for taudit authority graphs.

This crate turns bitbucket-pipelines.yml content into taudit's typed AuthorityGraph, giving security tools a graph-native view of Bitbucket CI/CD authority flow. It focuses on pipeline steps, deployment contexts, variables that look like credentials, images, services, artifacts, pull request triggers, and duplicate-key recovery.

What It Produces

• Step nodes for Bitbucket pipeline execution units.
• Secret nodes for credential-shaped variables such as tokens, passwords, private keys, API keys, and SSH keys.
• Image nodes for global, step-level, and service containers.
• Artifact and authority edges that allow taudit-core rules to reason over trust-boundary crossings.
• Partial-graph markers when a file lacks a usable pipelines: mapping or uses multiple YAML documents.

Rule evaluation lives in taudit-core; this crate only parses and annotates.

Install

[dependencies]
taudit-core = "3"
taudit-parse-bitbucket = "3"

Basic Use

use taudit_core::graph::PipelineSource;
use taudit_core::ports::PipelineParser;
use taudit_parse_bitbucket::BitbucketParser;

let source = PipelineSource {
    file: "bitbucket-pipelines.yml".into(),
    repo: None,
    git_ref: None,
    commit_sha: None,
};

let graph = BitbucketParser.parse(pipeline_yaml, &source)?;

Use Cases

• Add Bitbucket Pipelines support to an in-process taudit scanner.
• Convert Bitbucket CI/CD config into a graph for custom DevSecOps dashboards.
• Run taudit authority propagation rules against Bitbucket pipeline fixtures.

Related Docs

• Product README: https://github.com/0ryant/taudit
• Authority graph spec: https://github.com/0ryant/taudit/blob/main/docs/authority-graph.md
• Rule catalogue: https://github.com/0ryant/taudit/blob/main/docs/rules/index.md