A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

git-secrets-scan does not create inline annotations

Yuri Uchida
Yuri Uchida
June 25, 2026

Version of the pipe:  3.2.0

Hello, I am using the above version of the git-secret-scan to create a pipeline to scan for any committed secrets in a pull request. 

While I got the pipe to run and generate a report, I am having trouble getting the inline annotations to work. We have the pipe steps defined as a shared pipeline, like this:

export: true

definitions:
  pipelines:
    secret-scanning:
      - step:
          name: "secret-scanning"
          script:
            - echo "Running secret scanning against the PR"
            - git fetch origin $BITBUCKET_PR_DESTINATION_BRANCH
            - pipe: atlassian/git-secrets-scan:3.2.0
              variables:
                DEBUG: "true"
                GITLEAKS_EXTRA_ARGS:
                  - "--redact"
                  - "--log-opts=origin/$BITBUCKET_PR_DESTINATION_BRANCH..HEAD"
And the consuming repositories would call them like this:
clone:
  depth: full
definitions:
  imports:
    infra-build-pipelines: infra-build-pipelines:feature/{branchname}:secret-scanning-pipelines.yml
pipelines:
  pull-requests:
    '**':
      import: secret-scanning@infra-build-pipelines
Is there something I am missing here, perhaps an extra argument I need to add? The documentation keeps pointing that the pipe should take care of the report generation and inline annotations, but we cannot get the annotations to work. We've checked to make sure that the annotation feature is turned on.
Answer
Watch
Like Be the first to like this
77 views

2 answers

0 votes
Yuri Uchida
Yuri Uchida
June 26, 2026

Looking further into the pipe's code, it looks like the "path" and "line" properties in the query_annotation dictionary was removed.

https://bitbucket.org/atlassian/git-secrets-scan/pull-requests/35/diff

Perhaps this was intentional, but it may be the reason inline annotations are not working anymore. Or I misunderstood what inline annotation mean and that what they have currently (link in the report itself that will direct you to the line of code) is what the expected behavior is.

Reply
0 votes
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Community Champion
June 26, 2026

Hello and Welcome to Atlassian Community  @Yuri Uchida 

Maybe this older topic from 2025 will be helpful for you.

Solved: atlassian/git-secrets-scan does not annotate the c...

Best,

Arek🤠

View More Comments
Yuri Uchida
Yuri Uchida
June 26, 2026

Thanks for the post. I did look at this, and my issue isn't that the links are pointing to the wrong commit, it just isn't showing up inline in the diff view in PRs, which is what I was expecting 

Like Arkadiusz Wroblewski likes this
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Community Champion
June 26, 2026

@Yuri Uchida 

Okay, I will take a deeper look on this this weekend.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security