Security for Bitbucket: Enhanced Secret Scanning by Soteri
Run security audits for committed API keys, passwords, and more. Protect your dev workflow against accidental credential leaks

Detect and block dangerous commits
Accidentally committed secrets such as credentials, API keys, SSH keys, and passwords are a common vector for privilege escalation by attackers. Protect your organization by scanning and rejecting such commits.
Easy Security Audits
Run scans of already-committed content. Export results as downloadable reports, or drill down from the global status all the way to an individual branch via our interactive Security Scan Report.
Flexible workflows for false positives
False positives can be interactively dispositioned with the “Mark Reviewed” feature, or suppressed via an inline pragma directly in the affected file. Specific files or paths can also be excluded from scanning.
More details
Download now to detect and block users from checking in sensitive information such as passwords, public keys, API keys, etc. Protect your company from this common error that can be exploited by attackers!
✨ Feature highlights ✨
- Pre-receive hook to reject dangerous pushes
- Enabled per repository, per project, or globally
- Can be enabled in “Warn-only” mode, which notifies committers of findings but does not block.
- Git repository scanning to analyze previously committed code
- Trigger scans for a git repository, a project, or the whole Bitbucket instance
- Downloadable reports of scan findings
- REST API for scripting and automation
- Built-in rules for many common credentials leaks, such as ssh keys and API tokens
- Define your own custom scanning rules, globally or per-repository
- … and much more! See our documentation
😀 More apps you’ll like:
- Prevent accidentally exposing sensitive data with Security for Confluence
🗓 Want to know more? Schedule a demo
ℹ️ For Bitbucket 6, use version 3.19.2
Privacy and security
Privacy policy
Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's partner.
Partner privacy policySecurity
Resources
Gallery
Trigger scans on bulk from the global dashboard.