Repository-level Scan Report
Developers (anyone with repository write access) can scan their repositories for vulnerabilities, including any custom vulnerabilities defined in the global rules.
![](../../__attachments/14581596164/image-20210917-000836.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
The repository scan report page
To view and trigger a repository scan, you will need Repository Administrator permissions. Navigate to your repository of choice, and then go to the new Security Tab.
![](../../__attachments/14581596164/image-20210917-001236.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
Once in the security tab click the Trigger Scan button:
![](../../__attachments/14581596164/image-20210917-001335.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
This will cause either a scan to start or be scheduled if Bitbucket already has multiple scans ongoing. Results will start to populate as the app finds vulnerabilities in files within the repository:
![](../../__attachments/14581596164/image-20210917-001412.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
Results of the scan can also be filtered by vulnerability type, and you can also choose the branch you would like to perform a scan on.