Security for Bitbucket - Soteri

by Soteri
for Bitbucket Server 6.0.0 - 7.17.0, Bitbucket Data Center 6.0.0 - 7.17.0 and more
300 installs
  • Supported

Run security audits for committed API keys, passwords, and more. Protect your dev workflow against accidental credential leaks.

Detect and block dangerous commits

Accidentally committed secrets such as credentials, API keys, SSH keys, and passwords are a common vector for privilege escalation by attackers. Protect your organization by scanning and rejecting such commits.

Easy Security Audits

Run scans of already-committed content. Export results as downloadable reports, or drill down from the global status all the way to an individual branch via our interactive Security Scan Report.

40 Built-in Patterns Detected & Add Your Own

Security for Bitbucket detects over 40 specific credential and key patterns, including SSH keys and access keys for all major cloud providers (AWS, Google Cloud, Azure, etc.). Adding your own custom patterns is a snap.

More details

Download now to detect and block users from checking in sensitive information such as passwords, public keys, access keys, etc. Protect your company from this common error that can be exploited by attackers!

✨ Feature highlights ✨

  • Pre-receive hook to reject dangerous pushes
    • Can be enabled per repository, per project, or globally
    • The hook can be enabled in “Warn-only” mode, which notifies committers of findings but does not block the push.
  • Repository scanning to analyze previously committed code
    • Trigger scans for a repository, a project, or the whole Bitbucket instance
  • Downloadable reports of scan findings
  • REST API for scripting and automation
  • Built-in rules for many common credential leaks, such as SSH keys and API tokens
  • Define your own custom scanning rules, globally or per-repository
  • … and much more! See our documentation

ℹ️ For Bitbucket 5, use Security for Bitbucket version 2.5.2

Privacy and security

Privacy policy

Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's vendor.

Security

This app is not part of the Marketplace Bug Bounty program.

Gallery

Trigger scans in bulk from the global dashboard.