It would be good to have a default secret scanning feature similar to BB server - https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html.

Enhancement - It would be even better if the secret scanner can reject a push if it detects a secret before-hand using hooks.

Workaround:
We can use the git secrets pipe to scan for secrets in a repository - https://bitbucket.org/atlassian/git-secrets-scan/src/master/