Add Bitbucket Cloud Support to Frogbot #1050

Open
adityajalkhare wants to merge 2 commits into jfrog:dev from adityajalkhare:feature/bitbucketCloudSupport

@adityajalkhare adityajalkhare commented Feb 3, 2026

Summary

Adds Bitbucket Cloud as a VCS provider in Frogbot. Joins existing platforms: GitHub, GitLab, Bitbucket Server, and Azure Repos.

Motivation

Bitbucket Cloud is used by many teams but was not previously supported. The froggit-go v1.21.0 library already includes a Bitbucket Cloud client, so this PR wires it into Frogbot's provider detection and configuration.

Changes

1. Added BitbucketCloud Provider Constant

File: utils/consts.go

  • Added BitbucketCloud vcsProvider = "bitbucketCloud" to the vcsProvider enum

2. Updated Provider Detection Logic

File: utils/params.go

  • Modified extractVcsProviderFromEnv() to recognize JF_GIT_PROVIDER=bitbucketCloud
  • Updated error message to include bitbucketCloud as a valid provider option

3. Configured Output Writer

File: utils/outputwriter/outputwriter.go

  • Updated GetCompatibleOutputWriter() to return SimplifiedOutput for BitbucketCloud
  • Uses same format as BitbucketServer due to API limitations (no inline review comments, no comment deletion)

4. Added Integration Tests

File: bitbucket_cloud_test.go

  • Created test suite following the same pattern as other VCS provider tests
  • Includes tests for scan-pull-request and scan-repository commands
  • Test helper functions for client initialization

5. Documentation

File: BITBUCKET_CLOUD_IMPLEMENTATION.md

  • Configuration, usage, limitations, and troubleshooting
  • CI/CD integration examples (Bitbucket Pipelines)
  • Authentication setup instructions

Configuration Example

export JF_GIT_PROVIDER="bitbucketCloud"
export JF_GIT_USERNAME="<bitbucket-username>"
export JF_GIT_TOKEN="<bitbucket-access-token>"
export JF_GIT_OWNER="<workspace>"
export JF_GIT_REPO="<repository-slug>"
export JF_URL="<jfrog-platform-url>"
export JF_ACCESS_TOKEN="<jfrog-access-token>"

./frogbot scan-pull-request

Key Implementation Details

Authentication

  • Requires both JF_GIT_USERNAME and JF_GIT_TOKEN
  • Different from BitbucketServer which only requires token
  • Uses Bitbucket Cloud API v2.0 (https://api.bitbucket.org/2.0)
  • Note: Currently only supports Basic Auth (App Passwords). Repository Access Tokens (ATATT/ATCTT prefix) require Bearer authentication, which is not yet implemented in froggit-go's BitbucketCloud client. Will be implemented using Bitbucket Cloud Authentication and Rate Limit Fix

Output Format

Uses SimplifiedOutput (same as BitbucketServer) because:

  • froggit-go does not implement inline review comments for Bitbucket Cloud
  • froggit-go does not implement comment deletion for Bitbucket Cloud
  • Simpler output format reduces API call complexity

Dependencies

  • No new dependencies
  • Uses existing froggit-go v1.21.0 BitbucketCloud client
  • ktrysmt/go-bitbucket already in go.mod

Known Limitations

froggit-go Implementation Gaps

  • ⚠️ Inline review comments: Bitbucket Cloud API supports this, but froggit-go returns errBitbucketAddPullRequestReviewCommentsNotSupported
  • ⚠️ Delete comments: Bitbucket Cloud API supports this, but froggit-go returns errBitbucketDeletePullRequestComment
  • ⚠️ GetCommits: Returns errBitbucketGetCommitsNotSupported, limiting email notification features
  • ⚠️ Bearer token auth: Only Basic Auth implemented, Repository Access Tokens not supported

Bitbucket Cloud API Limitations

  • PR labels: Not supported by Bitbucket Cloud API
  • GitHub-specific features: Code scanning, dependency graph, etc. not available

Rate Limiting Considerations

Bitbucket Cloud enforces strict rate limits:

  • 1000 requests/hour for authenticated users
  • 60 requests/hour for pull request operations

froggit-go does not currently implement:

  • Rate limit header parsing
  • Response caching
  • Automatic retry on 429 errors
  • Request deduplication

For large repositories or frequent scans, you may encounter 429 Too Many Requests errors. Recommended mitigations:

  • Scan specific branches only (configure in .frogbot/frogbot-config.yml)
  • Increase scan interval
  • Disable JAS scanning (JF_DISABLE_ADVANCED_SECURITY=true) to reduce API calls
  • Filter by severity (JF_MIN_SEVERITY=HIGH)

See BITBUCKET_CLOUD_IMPLEMENTATION.md for details.

Testing

Manual Testing

To test manually, set environment variables:

export FROGBOT_TESTS_BB_CLOUD_TOKEN="<access-token>"
export FROGBOT_TESTS_BB_CLOUD_USERNAME="<username>"

Update test repository details in bitbucket_cloud_test.go, then run:

go test -v -run TestBitbucketCloud

Test Coverage

  • ✅ Client initialization with username + token
  • ✅ Scan pull request command
  • ✅ Scan repository command
  • ✅ Local repository scanning

Backward Compatibility

No breaking changes:

  • Existing VCS providers unchanged
  • BitbucketCloud only activates with JF_GIT_PROVIDER=bitbucketCloud
  • Follows same patterns as other providers

Checklist

  • Code follows existing patterns (GitHub, GitLab, BitbucketServer, AzureRepos)
  • Provider constant added to utils/consts.go
  • Provider detection updated in utils/params.go
  • Output writer configured in utils/outputwriter/outputwriter.go
  • Integration tests created in bitbucket_cloud_test.go
  • Documentation provided in BITBUCKET_CLOUD_IMPLEMENTATION.md
  • No syntax errors (verified with static analysis)
  • No new dependencies added
  • Integration tests passed (requires Bitbucket Cloud test environment)
  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.
  • Update documentation about new features / new supported technologies

References

Related Issues

Closes #[323]
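
An added example, not part of this pull request or of froggit-go: one way to absorb the 429 responses that the description says are not retried, written as a Go http.RoundTripper that honors Retry-After when present and otherwise backs off exponentially. The names retry429, scripted and run are hypothetical, the responses are constructed, and a Retry-After header on the API's 429 replies is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// retry429 (hypothetical, not a froggit-go type) replays bodiless requests answered with 429.
type retry429 struct {
	next    http.RoundTripper
	retries int                 // replays allowed after the first attempt
	base    time.Duration       // first backoff step when Retry-After is absent
	sleep   func(time.Duration) // injectable so tests do not really wait
}

func (r retry429) RoundTrip(req *http.Request) (*http.Response, error) {
	for attempt := 0; ; attempt++ {
		resp, err := r.next.RoundTrip(req)
		if err != nil || resp.StatusCode != http.StatusTooManyRequests || attempt >= r.retries || req.Body != nil {
			return resp, err // done, hard error, budget spent, or a body that cannot be replayed
		}
		wait := r.base << uint(attempt) // exponential fallback
		if s, e := strconv.Atoi(resp.Header.Get("Retry-After")); e == nil && s >= 0 {
			wait = time.Duration(s) * time.Second // assumed header: server-provided delay wins
		}
		resp.Body.Close()
		r.sleep(wait)
	}
}

// scripted is a constructed API stand-in: queued status codes, "Retry-After: 5" on the first reply.
type scripted struct{ codes []int; calls int }
func (s *scripted) RoundTrip(*http.Request) (*http.Response, error) {
	resp := &http.Response{StatusCode: s.codes[s.calls], Header: http.Header{}, Body: http.NoBody}
	if s.calls++; s.calls == 1 {
		resp.Header.Set("Retry-After", "5")
	}
	return resp, nil
}
// run sends one GET through the wrapper; it returns the final status and the recorded waits.
func run(codes []int, retries int) (int, []time.Duration) {
	var waits []time.Duration
	rt := retry429{&scripted{codes: codes}, retries, time.Second, func(d time.Duration) { waits = append(waits, d) }}
	req, _ := http.NewRequest("GET", "https://api.bitbucket.org/2.0/", nil) // never sent over the network
	resp, _ := rt.RoundTrip(req)
	return resp.StatusCode, waits
}
func main() { fmt.Println(run([]int{429, 429, 200}, 3)) }
```

A bounded retry budget matters here: when it is spent the 429 is returned to the caller, so a scan fails visibly instead of looping against the hourly limit.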

@adityajalkhare
Author

I have read the CLA Document and I hereby sign the CLA

@adityajalkhare adityajalkhare marked this pull request as ready for review February 4, 2026 08:52