Some scanning rules can generate many false positives, requiring more effort to disposition findings, and some rules are not universally applicable. The following rules are disabled in Security for Bitbucket by default:

  • GENERIC_PASSWORD - This rule generates a high rate of false positives. You can read more about this here: What is the GENERIC_PASSWORD rule and why is it disabled by default?

  • SSH_PUBLIC_KEY - SSH public keys are by definition not sensitive information. If your organization wants to prevent storing public keys in Bitbucket, this rule can be enabled.

  • Financial Rules - All financial rules are disabled by default because they are not necessarily applicable to all organizations, and have a high rate of false positives on certain kinds of source code.
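To make the false-positive trade-off behind these defaults concrete, here is an added Python illustration. It is not Security for Bitbucket's own rule code or rule syntax; the three regexes, the post-filter and the sample repository lines are constructed assumptions. It scores a broad "generic password" pattern against a narrower one on the same lines, and shows that a public-key pattern fires on content that is not secret at all.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample repository lines (not from any real repository).
# Each entry is (path, line, is_real_secret); the flag is the reviewer's
# ground truth used to score each rule's precision and recall.
SAMPLE_LINES: List[Tuple[str, str, bool]] = [
    ("config/settings.py", 'DB_PASSWORD = os.environ["DB_PASSWORD"]', False),  # env lookup
    ("tests/test_login.py", 'password = "hunter2"', False),                    # test fixture
    ("docs/README.md", "Set your password: choose at least 12 chars.", False),  # prose
    ("deploy/app.yml", "password: S3cr3t!Prod#2024x", True),                   # live credential
    ("helm/values.yaml", "password: ${VAULT_DB_PASSWORD}", False),             # templated placeholder
    ("ops/authorized_keys", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7example user@host", False),  # public key
    ("scripts/backup.sh", 'password="qwerty1"', True),                         # short but real credential
]

# Hypothetical broad rule in the spirit of a generic password check:
# any "password" key followed by an assignment operator and a value.
GENERIC_PASSWORD = re.compile(r"password\s*[:=]\s*\S+", re.IGNORECASE)

# Hypothetical narrower rule: the value must be a literal of 12+ characters
# from a set that excludes "$", "{", "[" and ".", which drops env lookups
# and template placeholders before the post-filter even runs.
TIGHT_PASSWORD = re.compile(
    r"password\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9!#%^&*_+=\-]{12,})",
    re.IGNORECASE,
)

# Hypothetical public-key rule: an OpenSSH key type followed by its base64 blob.
SSH_PUBLIC_KEY = re.compile(r"\bssh-(?:rsa|ed25519)\s+AAAA[0-9A-Za-z+/=]+")


def looks_like_credential(m) -> bool:
    """Post-filter for TIGHT_PASSWORD: require at least one digit and one symbol."""
    value = m.group("value")
    return any(c.isdigit() for c in value) and any(not c.isalnum() for c in value)


def scan(pattern, entries, post_filter=None) -> List[Tuple[str, str]]:
    """Return the (path, line) pairs that `pattern` flags, optionally post-filtered."""
    hits = []
    for path, line, _ in entries:
        m = pattern.search(line)
        if m and (post_filter is None or post_filter(m)):
            hits.append((path, line))
    return hits


def evaluate(pattern, entries, post_filter=None) -> Dict[str, float]:
    """Score a rule against the ground-truth flags: hits, true positives, precision, recall."""
    hits = set(scan(pattern, entries, post_filter))
    real = {(p, l) for p, l, is_secret in entries if is_secret}
    tp = len(hits & real)
    return {
        "hits": len(hits),
        "true_positives": tp,
        "precision": tp / len(hits) if hits else 0.0,
        "recall": tp / len(real) if real else 0.0,
    }


if __name__ == "__main__":
    for name, pattern, post in [
        ("GENERIC_PASSWORD", GENERIC_PASSWORD, None),
        ("TIGHT_PASSWORD", TIGHT_PASSWORD, looks_like_credential),
        ("SSH_PUBLIC_KEY", SSH_PUBLIC_KEY, None),
    ]:
        print(name, evaluate(pattern, SAMPLE_LINES, post))
```

On this sample the broad pattern flags six of seven lines and only two are real credentials (precision one third), which is the disposition burden the defaults avoid. The narrower pattern reaches full precision but misses the short `qwerty1` credential (recall one half), and the public-key pattern's single hit is a non-secret by definition. Which side of that trade-off an organization prefers is exactly why these rules are left for it to enable.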