Bitbucket MCP Server
Community-maintained MCP server for Bitbucket API supporting both Cloud and Server, with PR review, code search, and file management tools.
Score Breakdown
Server Info
- Package
- @nexus2520/bitbucket-mcp-server
- Registry
- npm
- Repository
- nexus2520/bitbucket-mcp
- Maintainer
- Community
- Category
- Developer Tools
- Tags
- gitreposatlassian
- Last Scanned
- 7 Apr 2026
Findings
4 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Auth via BITBUCKET_USERNAME + BITBUCKET_APP_PASSWORD (Cloud) or BITBUCKET_TOKEN (Server). No HTTP/SSE transport, no MCP OAuth. Tool groups can be filtered via BITBUCKET_TOOL_GROUPS env var. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUMOnly 5 of 29 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Maintenance & Trust
LOWCommunity-maintained by nexus2520
No official vendor backing.
Seek vendor verification.
HIGH9 dependency vulnerabilities (1 critical, 4 high)
npm audit found 1 critical and 4 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
29 total| Name | Description | Risk |
|---|---|---|
| get_pull_request | Get full details of a pull request including active comments, file changes, reviewer status, and merge commit information | read |
| list_pull_requests | List pull requests for a repository with optional filters | read |
| create_pull_request | Create a new pull request | write |
| update_pull_request | Update an existing pull request. Existing reviewers and their approval status are preserved when not explicitly updating the reviewer list. | write |
| merge_pull_request | Merge a pull request | write |
| decline_pull_request | Decline/reject a pull request | write |
| add_comment | Add a comment to a pull request. Supports general comments, threaded replies, inline comments on specific lines, and code suggestions. | write |
| delete_comment | Delete a comment from a pull request. Comments with replies cannot be deleted. | write |
| get_pull_request_diff | Get the diff for a pull request with structured line-by-line information. | read |
| set_pr_approval | Approve or remove approval from a pull request | write |
| set_review_status | Request changes on or remove a change request from a pull request | write |
| list_pr_tasks | List all tasks on a pull request (Bitbucket Server only) | read |
| create_pr_task | Create a new task on a pull request (Bitbucket Server only) | write |
| update_pr_task | Update the text of an existing task on a pull request (Bitbucket Server only) | write |
| delete_pr_task | Delete a task from a pull request (Bitbucket Server only) | write |
| set_pr_task_status | Mark a task as done or reopen it on a pull request (Bitbucket Server only) | write |
| convert_pr_item | Convert a comment to a task or a task back to a comment (Bitbucket Server only) | write |
| list_pr_commits | List all commits in a pull request | read |
| list_branch_commits | List commits in a branch with optional filters | read |
| list_branches | List branches in a repository | read |
| get_branch | Get detailed information about a branch including its latest commit and associated pull requests | read |
| delete_branch | Delete a branch | admin |
| list_directory_content | List files and directories in a repository path | read |
| get_file_content | Get file content from a repository with smart truncation for large files | read |
| search_files | Search for files by name or path pattern in a repository | read |
| search_code | Search for code across Bitbucket Server repositories (Server only) | read |
| search_repositories | Search for repositories by name or description (Bitbucket Server only) | read |
| list_projects | List all accessible Bitbucket projects/workspaces with optional filtering | read |
| list_repositories | List repositories in a project or across all accessible projects | read |
Deploy Bitbucket MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow