With Security for Bitbucket, you can disable security rules if a certain rule doesn’t fit the needs of your organization. The rules can only be enabled and disabled by Bitbucket administrators or anyone that's been granted explicit access.

To disable a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules. Alternatively, you may reach the configuration by clicking the gear icon on the Security Scan Report:

Global rule configuration in the Security for Bitbucket settings.

If a scan with no vulnerabilities has been completed prior to toggling a rule, that scan will have a status of “settings changed” and be counted as “outdated” in repository and project statistics.