Skip to main content
Skip table of contents

Defining Global Custom Detection Rules

Security for Bitbucket allows for creation of custom scanning rules using regular expressions. The rules can only be created, enabled, or disabled by Bitbucket Administrators or anyone that's been granted explicit access.

Please make sure the rules you add aren’t too broad, as they can impact the performance of Bitbucket.

To create a rule, access the settings page. The custom rules area appears near the bottom as shown:

Our application uses the built-in JDK java regex library (Java 8), which you can compare to other regex engines here.

If a secret on a single line matches more than one rule (built-in, custom, or a per-repository rule), only the first match will be reported.

Example Rules

Bitcoin Address

NONE 
^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$

Youtube Links

CODE 
<a\s+(?:[^>]*)href=\"((?:https|http):\/\/\w{0,3}.youtube+\.\w{2,3}\/watch\?v=[\w-]{11})">(?:.*?)<\/a>
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close