Would a Forge app that detects secrets in Bitbucket commits and auto-suggests PR fixes be useful?

johnsbucket
I'm New Here
July 5, 2025

Hi Bitbucket/Forge developers,

I’m exploring a Forge-based security agent that scans Bitbucket commits and PRs for exposed secrets like API keys, tokens, or passwords and then auto-generates a remediation PR (or notification) suggesting how to remove them.

Some key features:

• Secret detection with validation (e.g., checking if an AWS key is active)
• PR auto-generation with suggested fix (env var, config vault, etc.)
• Manual approval required before applying
• Optional extension to Jira/Confluence for scanning tickets or doc leaks

Would this be useful in your workflow or CI/CD pipelines?

Would you prefer a webhook-based trigger or native Forge app in Bitbucket Cloud?

Any edge cases or concerns you’d foresee?

I’d appreciate your thoughts on validating this before committing to a full build.
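As an added example (not code from the original post, Atlassian, or any existing Forge app), here is the detection half of what the post describes: walking a commit's unified diff, flagging credential literals on added lines only, filtering the generic pattern by entropy so placeholder passwords are not reported, and attaching the "move it to an env var or vault" suggestion while redacting the value so the remediation PR or notification never repeats the secret. The patterns, the 3.5 bits/char threshold, the sample diff and the key values are constructed assumptions; the liveness validation the post mentions (is the AWS key active) is a separate network step not shown here.

```python
import math
import re

# Constructed patterns for this example: the AWS access key id format plus a generic
# "name = '<long literal>'" assignment whose value is also checked for randomness.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"]([A-Za-z0-9/+_\-=]{16,})['\"]"),
}
SUGGESTION = "read it from an environment variable or vault at runtime, then rotate the credential"

def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score far above words like 'changeme'."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff: str, min_entropy: float = 3.5) -> list[tuple]:
    """Report (path, new-file line, kind, redacted value, fix) for secrets on ADDED lines only."""
    findings, path, line_no = [], "?", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")   # new-file side of the file header
            continue
        hunk = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if hunk:
            line_no = int(hunk.group(1)) - 1    # the next '+' or ' ' line has this number
            continue
        if not raw.startswith(("+", " ")):
            continue                            # '-' lines and metadata do not advance line_no
        line_no += 1
        if raw[0] != "+":
            continue                            # context line: unchanged, so not a new leak
        for kind, pat in PATTERNS.items():      # most specific first; one report per literal
            hits = [h.group(1) for h in pat.finditer(raw[1:])
                    if kind != "generic_assignment" or shannon_entropy(h.group(1)) >= min_entropy]
            if hits:  # redact: the remediation PR/notification must never repeat the secret
                findings.extend((path, line_no, kind, v[:4] + "..." + v[-2:], SUGGESTION) for v in hits)
                break
    return findings

# Constructed sample commit that swaps an env lookup for hard-coded values.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+api_token = "X7qP2mLz9Kd4Rt8Wn3Vb6Yc1"
+password = "changeme-changeme"
 DEBUG = False
"""
```

Running `scan_diff(SAMPLE_DIFF)` reports the AWS key on line 2 and the random token on line 3, but not the low-entropy placeholder password on line 4 or the removed env lookup.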

1 answer

0 votes
fzmuhammad
Contributor
July 5, 2025

This sounds super useful, especially for teams pushing code frequently. Secrets slipping into commits are more common than we’d like to admit. Auto-generating PRs with suggested fixes (and requiring manual approval) strikes a good balance between automation and control. A native Forge app would be ideal for better integration, but webhook support could help with flexibility. A valuable addition to a secure CI/CD workflow.
