With Security for Bitbucket, you can disable security rules if a certain rule doesn’t fit the needs of your organization. The rules can only be enabled and disabled by Bitbucket administrators or anyone that's been granted explicit access.
To disable a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules. Alternatively, you may reach the configuration by clicking the gear icon on any dashboard:
In the Project- and Repository-level Dashboards, if you are not a Bitbucket admin nor a recipient of explicit access, the gear icon will not appear.
This will take you to the Security for Bitbucket Settings page. The built-in rules area appears near the bottom as shown:
If a scan with no vulnerabilities has been completed prior to toggling a rule, that scan will have a status of “settings changed” and be counted as “outdated” in repository and project statistics.