Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-14098

Ability to have secret scan hits emailed to a distribution list


    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Security - Other
    • None
    • 8
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Currently, when a security scan is performed, and secrets are detected:

      Email notifications are sent out to everyone involved in the commit history of the secret: the authors, committers, and the developer who pushed or merged the code containing secrets into the repositories

      We want the ability to define a specific subset of people, other than admins, to be alerted of any secrets that have been detected. It could be that they are included as recipients in the alerts themselves or that the alerts are shown in a dashboard available only to that subset of users.

      In our case, we would want people in our central security team to have visibility into any alerts so that users who included any secrets with their code have some incentive to remediate this, knowing that it won’t go unnoticed. It could be somewhat similar to what GitHub calls “security managers.”

            Unassigned Unassigned
            cdrummond Craig Drummond
            12 Vote for this issue
            13 Start watching this issue