Hi Bitbucket/Forge developers,
I’m exploring a Forge-based security agent that scans Bitbucket commits and PRs for exposed secrets like API keys, tokens, or passwords and then auto-generates a remediation PR (or notification) suggesting how to remove them.
Some key features:
Secret detection with validation (e.g., checking if AWS key is active)
PR auto-generation with suggested fix (env var, config vault, etc.)
Manual approval required before applying
Optional extension to Jira/Confluence for scanning tickets or doc leaks
Would this be useful in your workflow or CI/CD pipelines?
Would you prefer a webhook-based trigger or native Forge app in Bitbucket Cloud?
Any edge cases or concerns you’d foresee?
Appreciate your thoughts validating before committing to a full build.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.