I'm happy to announce that in Bitbucket Data Center 8.3 we released Secret scanner. It checks commits for secrets after they get into repositories. Secret rules can be configured as regex expressions on global, project and repository level. Scanner also has an allow-list for secrets to help minimize false positive results, and an exempt-list for repositories that don't need scanning. We plan to keep on enhancing Secret scanner in the future to help you get the most out of Bitbucket Data Center.
You can find more information about Secret scanner in the docs.
Product Manager - Bitbucket Data Center