Reject commits that contain passwords, private keys, cloud credentials, etc
Reject commits that contain passwords, private keys, cloud credentials, etc
Reject commits that contain passwords, private keys, cloud credentials, etc
Detect and Block Sensitive Commits from Check-in
Easy to Use
Over 30 Different Key Patterns Detected
Keep your secrets safe by blocking sensitive information such as passwords, public keys, access keys, etc. from being checked into your git repositories
Secure your repository or project today by enabling our repository or project hook.
Security for Bitbucket Server detects over 30 specific credential and key patterns, like public keys, private keys, passwords, AWS keys, SSH keys and more, with new patterns being added every day.
Detect and Block Sensitive Commits from Check-in
Easy to Use
Over 30 Different Key Patterns Detected
Keep your secrets safe by blocking sensitive information such as passwords, public keys, access keys, etc. from being checked into your git repositories
Secure your repository or project today by enabling our repository or project hook.
Security for Bitbucket Server detects over 30 specific credential and key patterns, like public keys, private keys, passwords, AWS keys, SSH keys and more, with new patterns being added every day.
More details
Any user can check in sensitive information such as passwords, public keys, access keys, etc. into a git repository. Bitbucket does not have a way to eliminate or detect and block users who exhibit this behavior; the typical developer workflows make this an easy omission even by well-intentioned users. This poses a very large security risk as this information could be passwords for network devices, private keys, or even personal credentials for highly sensitive systems. This can lead to privilege escalation, either by malicious users who have network access to the Bitbucket server, or by an external attacker who has bridged perimeter security.
Our application integrates into Bitbucket and detects and blocks sensitive information from being checked in.
More details
Any user can check in sensitive information such as passwords, public keys, access keys, etc. into a git repository. Bitbucket does not have a way to eliminate or detect and block users who exhibit this behavior; the typical developer workflows make this an easy omission even by well-intentioned users. This poses a very large security risk as this information could be passwords for network devices, private keys, or even personal credentials for highly sensitive systems. This can lead to privilege escalation, either by malicious users who have network access to the Bitbucket server, or by an external attacker who has bridged perimeter security.
Our application integrates into Bitbucket and detects and blocks sensitive information from being checked in.
Reviews for cloud
(1)Sign in to write a reviewThere are no reviews yet. Be the first to review this app.
Reviews for server
(1)Sign in to write a review
Reviews for Data Center
(1)Sign in to write a reviewThere are no reviews yet. Be the first to review this app.
Cloud Pricing
Server Pricing
Data Center Pricing
Mohami provides support for this app.
Mohami provides support for this app.
Vendor support resources
Find out how this app works.
Vendor support resources
Find out how this app works.
Versions
Version 1.2.0 • Bitbucket Server 5.2.0 - 6.10.0 • Released 2020-01-03
Summary
Added support for Whitelisting
Details
- SOTERIA-12 You can now whitelist secrets by adding an inline comment on the secret. Read more about that here.
- SOTERIA-14 Improved secret detections for Heroku, Stripe and Slack.
Versions
Version 1.3.0 • Bitbucket Data Center 5.2.0 - 6.10.0 • Released 2020-01-21
Summary
Now Data Center Compatible
Installation
- Log into your Bitbucket instance as an admin.
- Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate Security for Bitbucket via search. Results include app versions compatible with your Bitbucket instance.
- Click Install to download and install your app.
- You're all set! Click Close in the Installed and ready to go dialog.
To find older Security for Bitbucket versions compatible with your instance, you can look through our version history page.
- Log into your Bitbucket instance as an admin.
- Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate Security for Bitbucket via search. Results include app versions compatible with your Bitbucket instance.
- Click Install to download and install your app.
- You're all set! Click Close in the Installed and ready to go dialog.
To find older Security for Bitbucket versions compatible with your instance, you can look through our version history page.
Similar apps
