Security for Bitbucket allows for customizing the messages displayed to developers when the pre-receive hook either blocks or warns about the contents of a commit. This setting can be used to to provide additional information, like a link to a company security policy.

  • Reject message: displayed when user’s commits are blocked by the hook.

  • Warn message: displayed when a user’s commits have potentially sensitive content, but the hook is in warn mode.

  • Override message: displayed when the hook is run despite repository or project settings (global hook is configured to always run).

Customizable messages in the Security for Bitbucket settings.

The custom text provided will be displayed as a header of reject banner, followed by list of detected vulnerabilities. It affects all repositories in the Bitbucket instance.

To restore any of the default messages, set the corresponding text field to an empty value.