Stop Sensitive Information from Getting Published on Bitbucket
Over 200,000 developers rely on Security for Bitbucket to audit, detect, and remove secrets.
Not Using Our App
- Secrets get published
- Attackers gain access to PII and other sensitive info
- Financial damages in the billions of dollars
- Damaged company reputation
Using Security for Bitbucket
- Find sensitive information before hackers do
- Protect PII and financial information
- Comply with HIPAA and GDPR
- Prevent secrets from getting published
Enhanced Bitbucket Security
A plug-and-play Bitbucket security app that scans your repositories for sensitive information so that common mistakes are caught before they are exploited by attackers.
No need to worry about 3rd party vendor compliance or reliability since Soteri's Secret Scanning is hosted within Bitbucket Data Center. Installation takes only 30 seconds.
Three Easy Steps to Secure Bitbucket
Put your security on autopilot with hooks to block dangerous commits.
Discover secrets, before the attacker with built-in and customizable scanning rules to audit existing commits.
Secure your systems to prevent data breaches by changing and removing your secrets.
Providing Peace of Mind to QA, DevOps, and Cloud Engineers
Built to Maximize Your Bitbucket Security
What if there is a false positive?
Sometimes, Security for Bitbucket will find vulnerabilities which are false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.
What do I do if a security scan finds a secret?
All secrets detected by a security scan should be considered compromised. Once a secret is committed, it is indexed by Bitbucket, and anyone with read access to the repository, project, or the whole Bitbucket instance could have obtained a copy. Scrubbing the secret from git history doesn’t sufficiently remediate risk.
Soteri recommends to:
Change the secret.
If a password is found, change it.
If an access token is found, generate a new access token and update your services to use the new token. Once all your services have been updated, revoke the old token.
Delete the secret from code. Secrets in code, revoked or not, send the signal to code contributors that secrets can be committed to code.
Enable Security For Bitbucket’s pre-commit hook. This is the best way to ensure that secrets don’t end up in Bitbucket again.