
Defining Global Custom Detection Rules

Please make sure the rules you add aren’t too broad, as they can impact the performance of Bitbucket.

With Security for Bitbucket you can create custom security rules with regular expressions. The rules can only be created, enabled or disabled by Bitbucket Administrators or anyone that's been granted explicit access.

To create a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules. Alternatively, you may reach the configuration by clicking the gear icon on the Security Scan Report.

Our application uses the JDK's built-in Java regex library (Java 7), which you can compare to other regex engines here.

If a secret that's being committed matches more than one regex, only the first match will be reported.

Here are some example rules:

Bitcoin Address

^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$

Youtube Links

<a\s+(?:[^>]*)href=\"((?:https|http):\/\/\w{0,3}.youtube+\.\w{2,3}\/watch\?v=[\w-]{11})">(?:.*?)<\/a>
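A rule can be checked offline against sample lines with the same java.util.regex engine before it is added. The following is an added example, not code from Security for Bitbucket: it assumes each rule is applied to one line at a time with Matcher.find() and no flags, and that "first match" follows rule order; the class name, helper and sample lines are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class CustomRuleCheck {
    // Assumption: the first rule (in insertion order) that matches is the one reported.
    static String firstMatch(Map<String, Pattern> rules, String line) {
        for (Map.Entry<String, Pattern> rule : rules.entrySet()) {
            if (rule.getValue().matcher(line).find()) {
                return rule.getKey();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // The two example rules from this page, escaped as Java string literals.
        Map<String, Pattern> rules = new LinkedHashMap<>();
        rules.put("Bitcoin Address",
            Pattern.compile("^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$"));
        rules.put("Youtube Links", Pattern.compile(
            "<a\\s+(?:[^>]*)href=\\\"((?:https|http):\\/\\/\\w{0,3}.youtube+\\.\\w{2,3}"
            + "\\/watch\\?v=[\\w-]{11})\">(?:.*?)<\\/a>"));

        // Constructed sample lines; the address-shaped string is made up.
        List<String> samples = List.of(
            "1Ab2Cd3Ef4Gh5Jk6Mn7Pq8Rs9Tu1Vw2Xy",
            "wallet = \"1Ab2Cd3Ef4Gh5Jk6Mn7Pq8Rs9Tu1Vw2Xy\"",
            "<a class=\"x\" href=\"https://www.youtube.com/watch?v=AAAAAAAAAAA\">demo</a>",
            "int retries = 3;");

        for (String line : samples) {
            long start = System.nanoTime();
            String hit = firstMatch(rules, line);
            long micros = (System.nanoTime() - start) / 1_000;
            // Per-line cost is a rough signal of how expensive the rule set is.
            System.out.printf("%-16s %6d us  %s%n",
                hit == null ? "(no match)" : hit, micros, line);
        }
    }
}
```

Under these assumptions the anchored Bitcoin rule matches only when the address is the entire line, so the same string embedded in an assignment is not flagged.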