How do you find secrets or passwords that might have been accidentally checked into Bitbucket?

Mohammed Davoodi _Soteri_ May 26, 2022

How do we make sure we don't have any developers who have checked in passwords or secrets into code accidentally?

1 answer

1 accepted

1 vote
Answer accepted
Mohammed Davoodi _Soteri_ May 26, 2022

You can use credentials scanning solutions comb through git repositories and flag anything sensitive that was committed in error.

For Bitbucket, you can use our app Security for Bitbucket. Security for Bitbucket streamline this process. Scans can be performed, reviewed, and dispositioned without scripting or setting up an external service. Security for Bitbucket also integrates with Bitbucket’s hook architecture to block any dangerous incoming commits. Without such an integration, committed secrets can only be caught after the fact, and must be considered compromised and rotated out.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events