Hi Bitbucket/Forge developers,
I’m exploring a Forge-based security agent that scans Bitbucket commits and PRs for exposed secrets like API keys, tokens, or passwords and then auto-generates a remediation PR (or notification) suggesting how to remove them.
Some key features:
Secret detection with validation (e.g., checking if AWS key is active)
PR auto-generation with suggested fix (env var, config vault, etc.)
Manual approval required before applying
Optional extension to Jira/Confluence for scanning tickets or doc leaks
Would this be useful in your workflow or CI/CD pipelines?
Would you prefer a webhook-based trigger or native Forge app in Bitbucket Cloud?
Any edge cases or concerns you’d foresee?
Appreciate your thoughts validating before committing to a full build.
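As an added illustration of the detection half of the idea above (this is example code written for this thread, not the poster's prototype and not a Forge API), here is a small scanner that walks the added lines of a unified diff, flags likely secrets with a pattern layer and an entropy layer, redacts the values in its own report, and proposes the replacement line a remediation PR could carry. The pattern set, the 3.5 bits/char entropy cut-off, the environment-variable names and the sample diff are all assumptions; the AWS values in the sample are the placeholder credentials from AWS documentation, not live keys.

```javascript
// Added example (not Forge/Atlassian code): scan the added lines of a unified
// diff for likely secrets, redact them in the report, and suggest a fix line.
// Pattern set, entropy threshold and env var names are assumptions for the demo.

const DETECTORS = [
  {
    id: 'aws-access-key-id',
    re: /\b(AKIA[0-9A-Z]{16})\b/,
    valueGroup: 1,
    envName: () => 'AWS_ACCESS_KEY_ID',
    fix: 'Move to an environment variable or IAM role, then rotate the key.',
  },
  {
    id: 'generic-assignment',
    re: /\b(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['"]([^'"]{8,})['"]/i,
    valueGroup: 2,
    envName: (m) => m[1].toUpperCase().replace(/[^A-Z0-9]/g, '_'),
    fix: 'Read the value from an environment variable or secret store, then rotate it.',
  },
];

const ENTROPY_THRESHOLD = 3.5; // bits per char; assumed cut-off for opaque tokens
const TOKEN_RE = /[A-Za-z0-9+/=_-]{20,}/g;

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Keep a short prefix so the finding is recognisable without re-leaking the value.
function redact(value) {
  return `${value.slice(0, 4)}…(${value.length} chars)`;
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Replace the quoted literal with an environment-variable read.
function suggestLine(line, value, envName) {
  return line.replace(new RegExp(`['"]?${escapeRegExp(value)}['"]?`), `process.env.${envName}`);
}

// Return only '+' lines, each with its file name and post-change line number.
function addedLines(diff) {
  const out = [];
  let file = null;
  let lineNo = 0;
  for (const raw of diff.split('\n')) {
    if (raw.startsWith('+++ ')) { file = raw.slice(4).replace(/^b\//, ''); continue; }
    if (raw.startsWith('--- ') || raw.startsWith('diff ') || raw.startsWith('index ')) continue;
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { lineNo = Number(hunk[1]); continue; }
    if (raw.startsWith('+')) { out.push({ file, lineNo, line: raw.slice(1) }); lineNo++; }
    else if (!raw.startsWith('-')) { lineNo++; } // context line; removed lines do not advance
  }
  return out;
}

// Pattern detectors first; fall back to an entropy check on long opaque tokens.
function scanDiff(diff) {
  const findings = [];
  for (const { file, lineNo, line } of addedLines(diff)) {
    let matched = false;
    for (const d of DETECTORS) {
      const m = d.re.exec(line);
      if (!m) continue;
      matched = true;
      const value = m[d.valueGroup];
      findings.push({ file, lineNo, detector: d.id, preview: redact(value), fix: d.fix,
                      suggestedLine: suggestLine(line, value, d.envName(m)) });
    }
    if (matched) continue;
    for (const token of line.match(TOKEN_RE) || []) {
      if (shannonEntropy(token) < ENTROPY_THRESHOLD) continue;
      findings.push({ file, lineNo, detector: 'high-entropy-string', preview: redact(token),
                      fix: 'Looks like an opaque credential; move it out of source and rotate it.',
                      suggestedLine: suggestLine(line, token, 'REPLACE_ME_SECRET') });
    }
  }
  return findings;
}

// Constructed sample diff; the AWS values are the placeholder credentials from AWS docs.
const SAMPLE_DIFF = [
  'diff --git a/config.js b/config.js',
  '--- a/config.js',
  '+++ b/config.js',
  '@@ -1,2 +1,5 @@',
  " const region = 'us-east-1';",
  "+const accessKeyId = 'AKIAIOSFODNN7EXAMPLE';",
  "+const secretAccessKey = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';",
  "+const password = 'correct-horse-battery';",
  ' module.exports = { region };',
].join('\n');

console.log(JSON.stringify(scanDiff(SAMPLE_DIFF), null, 2));
```

Two things worth noticing when running it: the secret access key on line 3 is missed by every pattern and is caught only by the entropy layer, which is why both layers are needed, and the report never contains the full value, so the notification or PR body the app posts cannot itself become a second leak. The "is this AWS key still active" validation the post mentions is a separate, rate-limited call to the provider's API and is not part of this example.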
This sounds super useful, especially for teams pushing code frequently. Secrets slipping into commits are more common than we’d like to admit. Auto-generating PRs with suggested fixes (and requiring manual approval) strikes a good balance between automation and control. A native Forge app would be ideal for better integration, but webhook support could help with flexibility. A valuable addition to a secure CI/CD workflow.