Bitbucket
Enterprise feature: This feature is only available with TruffleHog Enterprise. Contact us to learn more.

Configuration options

Web configuration

You can configure this integration via the web UI through the Integrations tab, or you can use a local configuration file as outlined below.

Local configuration

Bitbucket Cloud with PAT

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Bitbucket
    endpoint: https://bitbucket.org/myworkspace
    ignoreRepos:
    - https://bitbucket.ourbusiness.com/linux-kernel/ignore.git
    - https://bitbucket.ourbusiness.com/torvalds/ignore2.git
    skipBinaries: true
    # Bitbucket provides three types of access tokens.
    # We recommend using the "workspace access token"
    # as it provides access to all projects and repositories.
    token: ATCTTxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  name: bitbucket cloud token auth
  scanPeriod: 12h
  type: SOURCE_TYPE_BITBUCKET
  verify: true
```

Bitbucket Cloud with basic auth

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Bitbucket
    basicAuth:
      # The password needs to be a Bitbucket-generated app password.
      # The password must have read access for both the
      # account and repositories. Tokens cannot be used
      # in place of the password for Bitbucket Cloud.
      password: xxxxxxxxxxxxxxxxxxxxxxxxxx
      username: scanner-account
    endpoint: https://bitbucket.org/myworkspace
    ignoreRepos:
    - https://bitbucket.ourbusiness.com/linux-kernel/ignore.git
    - https://bitbucket.ourbusiness.com/torvalds/ignore2.git
    skipBinaries: true
  name: bitbucket cloud basic auth
  scanPeriod: 12h
  type: SOURCE_TYPE_BITBUCKET
  verify: true
```

Bitbucket Server/Datacenter with basic auth

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Bitbucket
    endpoint: https://bitbucket.ourbusiness.com
    basicAuth:
      # For Bitbucket Server / Datacenter you can use an
      # app password or a token for authentication.
      password: xxxxxxxxxxxxxxxxxxxxxxxxxx
      username: scanner-account
    ignoreRepos:
    - https://bitbucket.ourbusiness.com/linux-kernel/ignore.git
    - https://bitbucket.ourbusiness.com/torvalds/ignore2.git
  name: bitbucket server
  scanPeriod: 12h
  type: SOURCE_TYPE_BITBUCKET
  verify: true
```

| Key | Description | Required |
| --- | --- | --- |
| endpoint | The endpoint URI for Bitbucket | Yes if using basic auth |
| repositories | List of repositories to scan. Leaving it off will enumerate them instead. | No |
| ignoreRepos | List of repositories to ignore. Typically used when using enumeration. | No |
| skipBinaries | If true, binary files will be ignored | No |
| skipArchives | If true, archive files will be ignored | No |

Capabilities

| Feature | Supported |
| --- | --- |
| Scan archive files | ✅ |
| Scan archived repos | ✅ |
| Scan base64 encoded data | ✅ |
| Scan binaries | ✅ |
| Exclude filter | ✅ |
| History | ✅ |
| Include filter | ✅ |
| Pre-commit | ✅ |
| Pre-receive | ✅ |
| Resumption | ✅ |

Notes

TruffleHog doesn't scan diffs larger than 1 GB.

There is presently a known issue where, when you attempt to clone multiple refs that cannot coexist on disk at the same time, an error is thrown. Here is an anonymized example of this error thrown in GitHub, but it would look similar in Bitbucket:

```
"could not clone repo: https://git.xxxxx.com/xxxxx/thog.git, error executing git clone: exit status 128, fatal: cannot process 'refs/remotes/origin/release/21.22/test' and 'refs/remotes/origin/release/21.22' at the same time\n"
```

This happens with some particular ref configurations that are not common in repositories, but occasionally exist. When it is thrown, we will skip over the repo causing this error and begin scanning the next one.

There are workarounds that can attempt to scan the repos that throw this error, but they have 2 potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan.

If you would like assistance establishing a workaround, please open a bug report.
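A pre-scan check for the ref conflict described in the notes above, as an added example (not TruffleHog's code): it parses `git ls-remote` output and reports refs where one name is also a directory prefix of another, which is the condition in the clone error. The function names and the sample refs and hashes are constructed for illustration; on the remote, branch refs appear under `refs/heads/` rather than `refs/remotes/origin/`.

```python
import subprocess


def parse_ls_remote(output):
    """Extract ref names from `git ls-remote` output ('<sha>\\t<ref>' per line)."""
    refs = []
    for line in output.splitlines():
        _sha, sep, ref = line.partition("\t")
        # Skip HEAD and peeled tag entries ("^{}"); keep real ref names only.
        if sep and ref.startswith("refs/") and not ref.endswith("^{}"):
            refs.append(ref)
    return refs


def conflicting_refs(ref_names):
    """Return sorted (parent, child) pairs where `parent` is a ref and also a
    directory prefix of `child`, so both cannot be written to disk together."""
    names = set(ref_names)
    pairs = []
    for ref in names:
        parts = ref.split("/")
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in names:
                pairs.append((prefix, ref))
    return sorted(pairs)


def check_remote(url):
    """List conflicts for a remote without cloning it (needs git and network)."""
    out = subprocess.run(["git", "ls-remote", url], check=True,
                         capture_output=True, text=True).stdout
    return conflicting_refs(parse_ls_remote(out))


# Constructed sample of `git ls-remote` output (hashes are placeholders).
SAMPLE = "\n".join([
    "a" * 40 + "\tHEAD",
    "a" * 40 + "\trefs/heads/main",
    "b" * 40 + "\trefs/heads/release/1.0",
    "c" * 40 + "\trefs/heads/release/1.0/test",
    "d" * 40 + "\trefs/heads/release/2.0",
    "e" * 40 + "\trefs/tags/v1.0",
    "f" * 40 + "\trefs/tags/v1.0^{}",
])

if __name__ == "__main__":
    for parent, child in conflicting_refs(parse_ls_remote(SAMPLE)):
        print(f"conflict: {parent!r} is both a ref and a prefix of {child!r}")
```

Running `check_remote` against each repository URL before a scan identifies the repos that would be skipped, so they can be routed to a workaround.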