Security for Bitbucket

Stop Sensitive Information from Getting Published on Bitbucket

Over 200,000 developers rely on Security for Bitbucket to audit, detect, and remove secrets from Bitbucket repositories.

Soteri Is Protecting Top Companies

Trusted by the Fortune 500 because we don't phone home like other competing brands.

What will an attacker find in Bitbucket?

How: a threat actor stole access and found Bitbucket credentials.
Result: intellectual property sold on the black market.

How: a hacker accessed sensitive information of downstream users, including Bitbucket access tokens.
Result: 190k vulnerable Bitbucket accounts.

How: a hacker stole a session cookie from an employee's laptop.
Result: customer environment variables, tokens, and keys accessed.

Bitbucket CVE-2022-26136

Allows a remote, unauthenticated attacker to bypass Servlet Filters, leading to authentication bypass and cross-site scripting (XSS).

Bitbucket CVE-2023-22513

Allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality of Bitbucket data.

Bitbucket CVE-2023-25194

Third-Party dependency vulnerability allows authenticated attackers to compromise confidentiality in Bitbucket instances.

Assume an attacker is in your systems...

Whether from a new CVE or something else.

What will they find?

Privacy

Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere.

Bitbucket Data Center

We are a totally offline solution meaning data never leaves the premises, prioritizing your privacy and security. While other integrations, like GitGuardian, may compromise your data, Soteri remains committed to safeguarding your sensitive information. In short, we never phone home.

Enhanced Bitbucket Security

A plug-and-play Bitbucket security app that scans your Bitbucket repositories for sensitive information so that common mistakes are caught before they are exploited by attackers.

No need to worry about third-party vendor compliance or reliability, since Soteri's secret scanning is hosted within your Bitbucket Data Center instance. Installation takes only 30 seconds.

How it Works

Three Easy Steps to Secure Bitbucket Data Center

Adding secret scanning to your security testing is simple with Security for Bitbucket.

1. Block

Put your security testing on autopilot with hooks to block dangerous commits.

When a developer pushes a commit, Bitbucket rejects it if a known secret pattern is detected. Keep your Bitbucket repositories free of API keys, SSH keys, passwords, and much more!

2. Audit

Discover secrets with built-in and customizable scanning rules to audit existing commits.

It's vital not only to block new commits, but also to run the secret scanning rules on existing code to prevent privilege escalation and data leaks.

3. Secure

Secure your systems to prevent data breaches by changing and removing your secrets.

View the docs for more info on handling discovered secrets.

Features

Built to Maximize Your Bitbucket Security

Block Dangerous Commits

Enable the pre-receive hook to scan all commits for secrets. When a secret is found, the commit is rejected meaning it will never enter your Bitbucket repository. Find a false positive? Ignore it with a pragma.

Scanning for...

  • AWS_CLIENT_ID
  • GITHUB_KEY
  • SLACK_WEBHOOK
  • STRIPE_API_KEY
  • GENERIC_API_KEY

Find Commonly Leaked Secrets, and Then Some

Have confidence in your Bitbucket secret scanning as 40+ secrets are automatically detected. Add unlimited custom rules (via regex) to detect other sensitive information. We automatically detect SSH keys, private keys, API keys, credentials, financial information, and much more.

Downloadable Reports of Scan Findings

Export the secret scanning findings into a CSV that shows each Bitbucket repository, branch, and the name of the secret found (plus 9 other columns).

Sample report rows:

  Project    Repository   Rule              Full Text
  PROJECT_1  rep_1        AWS_CLIENT_ID     AWS=AKIA3WAXW7OO4MDJBUHX
  PROJECT_1  rep_1        SHOPIFY_SECRETS   SHOPIFY=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
  SERVICES   rep_2        GOOGLE_API_KEY    KEY=AIzaSyCLWjZ0_ETxgPOxH-gQYT9ODeWcBBZU5-Q
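To show how the pieces described above fit together (named regex rules, a pragma to ignore false positives, the Project/Repository/Rule/Full Text report columns, and a blocking hook's accept/reject decision), here is an added example that is not Soteri's code; the regex patterns, the `secrets:ignore` pragma token, and the sample input are constructed for this illustration, using the secret values shown on the page.

```python
import csv
import io
import re

# Illustrative detection rules (constructed for this example; rule names
# follow the page's naming, the patterns are assumptions, not Soteri's).
RULES = {
    "AWS_CLIENT_ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GOOGLE_API_KEY": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "SHOPIFY_SECRETS": re.compile(r"\bshpss_[0-9a-f]{32}\b"),
    "SLACK_WEBHOOK": re.compile(
        r"https://hooks\.slack\.com/services/T[0-9A-Z]+/B[0-9A-Z]+/[0-9A-Za-z]+"),
}
# Hypothetical pragma a developer adds to a line to mark a false positive.
IGNORE_PRAGMA = "secrets:ignore"
COLUMNS = ["Project", "Repository", "Rule", "Full Text"]

def scan_text(project, repo, text):
    """Scan text line by line; return one finding per matched rule per line."""
    findings = []
    for line in text.splitlines():
        if IGNORE_PRAGMA in line:          # explicitly marked false positive
            continue
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append({"Project": project, "Repository": repo,
                                 "Rule": rule, "Full Text": line.strip()})
    return findings

def to_csv(findings):
    """Render findings with the report columns shown on the page."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(findings)
    return buf.getvalue()

def pre_receive_decision(findings):
    """A blocking hook rejects the push when any secret was found."""
    return "REJECT" if findings else "ACCEPT"

# Constructed sample content; the secret values are the page's own examples.
SAMPLE = """\
AWS=AKIA3WAXW7OO4MDJBUHX
SHOPIFY=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
KEY=AIzaSyCLWjZ0_ETxgPOxH-gQYT9ODeWcBBZU5-Q
EXAMPLE=AKIA0000000000000000  # secrets:ignore (documented placeholder)
DEBUG=true
"""

if __name__ == "__main__":
    found = scan_text("PROJECT_1", "rep_1", SAMPLE)
    print(to_csv(found), pre_receive_decision(found))
```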

REST API for Scripting and Automation

Use the API to create automations that scan your Bitbucket repositories, download the results, and automatically notify people about them. For more complex workflows, you can automate the proper person/team depending on the secret found or where it was found.

More features

Enabled per repository, per project, or globally

Warn-only mode can notify about security issues without blocking commits

Trigger scans for a repo, a project, or the whole Bitbucket instance

Flexible workflows for false positives

Be Confident in Your Cloud

Without Soteri

  • Secrets get published
  • Attackers gain access to sensitive info
  • Financial damages in the billions of dollars
  • Damaged company reputation

With Soteri Scanning

  • Find sensitive info before hackers do
  • Protect PII and financial information
  • Comply with HIPAA and GDPR
  • Be proactive instead of reactive

Security for Bitbucket FAQs

Here's more information about Security for Bitbucket.

Which secrets does Security for Bitbucket look for?

The software automatically detects over 40 secrets in git repositories. Here's a full list of the secrets we scan for. You can easily add additional rules in the UI using regex.

Is my code and data private?

Yes! Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.

Does this work with Bitbucket Cloud?

Not at this time, although we have it on our backlog to support Bitbucket Cloud secret scanning. We currently support Bitbucket Server and Data Center. If you want to scan Bitbucket Cloud, check out our Scanning Service which is an API you can integrate into your workflow that scans any service for security vulnerabilities.

Do you offer support?

Yes, 24 hours a day. Through our support portal you can get in touch with us, report a bug, suggest a feature, and more!

What happens if Security for Bitbucket finds sensitive data?

All secrets detected by a security scan should be considered compromised. We recommend changing the secret (e.g., resetting passwords or rotating API keys), removing it from source code, and enabling the pre-commit hook to prevent secrets from ending up in your git repository. Here are the full docs for more info.

Are secrets lurking in your code? Scan your repository now!