Security for Bitbucket: Enhanced Secret Scanning by Soteri

by Soteri
for Bitbucket Server 7.0.0 - 8.8.2, Bitbucket Data Center 7.0.0 - 8.8.2 and more
260 installs
  • Supported

Run security audits for committed API keys, passwords, and more. Protect your dev workflow against accidental credential leaks.


Detect and block dangerous commits

Accidentally committed secrets such as credentials, API keys, SSH keys, and passwords are a common vector for privilege escalation by attackers. Protect your organization by scanning and rejecting such commits.

Easy Security Audits

Run scans of already-committed content. Export results as downloadable reports, or drill down from the global status all the way to an individual branch via our interactive Security Scan Report.

Flexible workflows for false positives

False positives can be interactively dispositioned with the “Mark Reviewed” feature, or suppressed via an inline pragma directly in the affected file. Specific files or paths can also be excluded from scanning.

More details

Download now to detect and block users from checking in sensitive information such as passwords, public keys, API keys, etc. Protect your company from this common error that can be exploited by attackers!

✨ Feature highlights ✨

  • Pre-receive hook to reject dangerous pushes
    • Enabled per repository, per project, or globally
    • Can be enabled in “Warn-only” mode, which notifies committers of findings but does not block the push
  • Git repository scanning to analyze previously committed code
    • Trigger scans for a git repository, a project, or the whole Bitbucket instance
  • Downloadable reports of scan findings
  • REST API for scripting and automation
  • Built-in rules for many common credential leaks, such as SSH keys and API tokens
  • Define your own custom scanning rules, globally or per-repository
  • … and much more! See our documentation


🗓 Want to know more? Schedule a demo

ℹ️ For Bitbucket 6, use version 3.19.2

Privacy and security

Privacy policy

Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's partner.



This app is part of the Marketplace Bug Bounty Program.



Trigger scans in bulk from the global dashboard.