Skip to main content
Skip table of contents

Enabling and Disabling Global Detection Rules

With Security for Bitbucket, you can disable security rules if a certain rule doesn’t fit the needs of your organization. The rules can only be enabled and disabled by Bitbucket administrators or anyone that's been granted explicit access.

To disable a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules. Alternatively, you may reach the configuration by clicking the gear icon on any dashboard:

In the Project- and Repository-level Dashboards, if you are not a Bitbucket admin nor a recipient of explicit access, the gear icon will not appear.

This will take you to the Security for Bitbucket Settings page. The built-in rules area appears near the bottom as shown:

Global rule configuration in the Security for Bitbucket settings.

Global rule configuration in the Security for Bitbucket settings

If a scan with no vulnerabilities has been completed prior to toggling a rule, that scan will have a status of “settings changed” and be counted as “outdated” in repository and project statistics.

Who changed rules and when can be audited using the Audit Log. More information can be found in Viewing Audited Events.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.