With Security for Bitbucket, you can disable security rules if a certain rule doesn’t fit the needs of your organization. The rules can only be enabled and disabled by Bitbucket administrators or anyone that's been granted explicit access.

To disable a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules. Alternatively, you may reach the configuration by clicking the gear icon on any dashboard:

In the Project- and Repository-level Dashboards, if you are not a Bitbucket admin nor a recipient of explicit access, the gear icon will not appear.

This will take you to the Security for Bitbucket Settings page. The built-in rules area appears near the bottom as shown:

Global rule configuration in the Security for Bitbucket settings.

Global rule configuration in the Security for Bitbucket settings

If a scan with no vulnerabilities has been completed prior to toggling a rule, that scan will have a status of “settings changed” and be counted as “outdated” in repository and project statistics.