Stop Sensitive Information from Getting Published on Bitbucket
Over 200,000 developers rely on Security for Bitbucket to audit, detect, and remove secrets.
Not Using Our App
- Secrets get published
- Attackers gain access to PII and other sensitive info
- Financial damages in the billions of dollars
- Damaged company reputation
Using Security for Bitbucket
- Find sensitive information before hackers do
- Protect PII and financial information
- Comply with HIPAA and GDPR
- Prevent secrets from getting published
Enhanced Bitbucket Security
A plug-and-play Bitbucket security app that scans your repositories for sensitive information so that common mistakes are caught before they are exploited by attackers.
No need to worry about 3rd party vendor compliance or reliability since Soteri's Secret Scanning is hosted within Bitbucket Data Center. Installation takes only 30 seconds.

Three Easy Steps to Secure Bitbucket
1. Block
Put your security on autopilot with hooks to block dangerous commits.
2. Audit
Discover secrets before attackers do, using built-in and customizable scanning rules to audit existing commits.
3. Secure
Secure your systems to prevent data breaches by changing and removing your secrets.
Providing Peace of Mind to QA, DevOps, and Cloud Engineers



Built to Maximize Your Bitbucket Security
FAQs
What if there is a false positive?
Sometimes, Security for Bitbucket will find vulnerabilities which are false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.
What do I do if a security scan finds a secret?
All secrets detected by a security scan should be considered compromised. Once a secret is committed, it is indexed by Bitbucket, and anyone with read access to the repository, project, or the whole Bitbucket instance could have obtained a copy. Scrubbing the secret from git history doesn’t sufficiently remediate risk.
Soteri recommends that you:
- Change the secret.
  - If a password is found, change it.
  - If an access token is found, generate a new access token and update your services to use the new token. Once all your services have been updated, revoke the old token.
- Delete the secret from code. Secrets in code, revoked or not, send the signal to code contributors that secrets can be committed to code.
- Enable Security for Bitbucket’s pre-commit hook. This is the best way to ensure that secrets don’t end up in Bitbucket again.