GITBOOK-9819: NE-DNM:Bitbucket Cloud APP Password To API Token Notice

Author: zolamk

docs/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud.md

@@ -101,7 +101,13 @@ To review and adjust the pull request tests settings:
 
 ### Required permission scope for the Bitbucket Cloud integration
 
-All the operations, whether triggered manually or automatically, are performed for a Bitbucket Cloud [service account](../../../implementation-and-setup/enterprise-setup/service-accounts/) that has its token (App Password) configured in the **Integration settings**.
+{% hint style="warning" %}
+Bitbucket Cloud has replaced App Passwords with API tokens\
+Existing credentials will continue to work normally until completely deprecated by Bitbucket Cloud [details here](https://www.atlassian.com/blog/bitbucket/bitbucket-cloud-transitions-to-api-tokens-enhancing-security-with-app-password-deprecation).\
+New integrations will now use API tokens.
+{% endhint %}
+
+All the operations, whether triggered manually or automatically, are performed for a Bitbucket Cloud [service account](../../../implementation-and-setup/enterprise-setup/service-accounts/) that has its token (API Token) configured in the **Integration settings**.
 
 For Snyk to perform the required operations on monitored repositories, such as reading manifest files on a frequent basis and opening fix or upgrade PRs, the integrated Bitbucket Cloud service account needs **Admin** permissions on the imported repositories.
 

docs/developer-tools/scm-integrations/user-permissions-and-access-scopes.md

@@ -104,7 +104,18 @@ The Snyk Bitbucket integrations use different access control mechanisms to conne
 To set up any Snyk Bitbucket integration, you must be a Bitbucket Workspace Admin.
 {% endhint %}
 
-#### Bitbucket Cloud and Bitbucket Data Center/Server scopes
+#### Bitbucket Cloud:
+
+| Action and purpose                                                                                                                                      |                                                                               API Token Scope Requirements                                                                               |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
+| <p><strong>Daily / weekly tests:</strong><br>Read manifest files in private repos.</p>                                                                  |                                                                                `read:repository:bitbucket`                                                                               |
+| <p><strong>Manual fix pull requests (triggered by the user):</strong><br>Create fix PRs in repos.</p>                                                   | <p><code>read:repository:bitbucket</code></p><p><code>write:repoistory:bitbucket</code></p><p><code>read:pullrequest:bitbucket</code></p><p><code>write:pullrequest:bitbucket</code></p> |
+| <p><strong>Automatic fix and upgrade pull requests:</strong><br>Create fix/upgrade PRs in repos.</p>                                                    | <p><code>read:repository:bitbucket</code></p><p><code>write:repoistory:bitbucket</code></p><p><code>read:pullrequest:bitbucket</code></p><p><code>write:pullrequest:bitbucket</code></p> |
+| <p><strong>Snyk tests on pull requests:</strong><br>Send PR status checks when a new PR is created or a PR is updated.</p>                              | <p><code>read:repository:bitbucket</code></p><p><code>write:repoistory:bitbucket</code></p><p><code>read:pullrequest:bitbucket</code></p><p><code>write:pullrequest:bitbucket</code></p> |
+| <p><strong>Snyk tests on pull requests (initial configuration):</strong><br>Add SCM webhooks to imported repos.</p>                                     |                                                   <p><code>read:webhook:bitbucket</code></p><p><code>write:webhook:bitbucket</code></p>                                                  |
+| <p><strong>Importing new projects to Snyk:</strong><br>Lists available repos in the Bitbucket instance in the <strong>Add Projects</strong> screen.</p> |               <p><code>read:project:bitbucket</code></p><p><code>read:workspace:bitbucket</code></p><p><code>read:account</code></p><p><code>read:user:bitbucket</code></p>              |
+
+#### Bitbucket Data Center/Server scopes
 
 The following table details the required permission scopes in Bitbucket Cloud and Bitbucket Data Center/Serve&#x72;**:**