Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-14098

Ability to have secret scan hits emailed to a distribution list

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Security - Other
    • None
    • 20
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Currently, when a security scan is performed, and secrets are detected:

      Email notifications are sent out to everyone involved in the commit history of the secret: the authors, committers, and the developer who pushed or merged the code containing secrets into the repositories

      We want the ability to define a specific subset of people, other than admins, to be alerted of any secrets that have been detected. It could be that they are included as recipients in the alerts themselves or that the alerts are shown in a dashboard available only to that subset of users.

      In our case, we would want people in our central security team to have visibility into any alerts so that users who included any secrets with their code have some incentive to remediate this, knowing that it won’t go unnoticed. It could be somewhat similar to what GitHub calls “security managers.”

              Unassigned Unassigned
              cdrummond Craig Drummond
              Votes:
              14 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated: