Forrester: The State of Application Security, 2022

GitGuardian for Internal Repositories Monitoring

Prevent secrets sprawl.

Available in Saas

Available on Prem

Scanning Bitbucket for secrets

BitBucket Server, formerly known as Stash, is an Atlassian distributed Version Control System that can be deployed on-premise and can be offered for free to open source projects. Favored by many DevOps teams, BitBucket Server provides integrations with the rest of Atlassian products.

However, running security audits at the end of the software development life cycle is a huge amount of work for security teams.

Modern organizations, therefore, decide to shift left so that development, operations, and security teams can scan and test their code in BitBucket server at each step of the development process, reducing the vulnerability surface.

Sensitive data is made available for developers. Are you sure it is not hardcoded in the source code?

Applications are more and more modular and secrets are used to programmatically link components. API keys and other credentials give access to multiple systems including cloud infrastructure, databases, payment systems. Exposing these secrets is like leaving your keys on your front door.

Secrets are widely exposed

This problem is so critical that it even has a name : “secret sprawl”. Secrets are hardcoded in configuration files or source code, they are shared over slack or email.

This exposure allows malicious actors to move laterally and become persistent. Secrets are becoming far too accessible internally but also externally.

The Software Development Life Cycle is accelerating

Development teams are growing and they have to use more and more technologies while release cycles are becoming shorter . All conditions are gathered for more human errors. Code scanning in Bitbucket for security vulnerabilities is the best way to find those mistakes.