Skip to main content

BitBucket App Password

Description

General

App passwords are user-based access tokens designed to be used for a single purpose with limited permissions. The permissions can include access to account data, repositories, etc.

Revoke the secret

An App Password can be revoked from the bitbucket settings, see docs.

Details for BitBucket App Password Basic Auth

  • Family: credentials

  • Category: version_control_platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.84

  • Prefixed: False

Details for BitBucket App Password

  • Family: credentials

  • Category: version_control_platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.125

  • Prefixed: False

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: False
  • Total network call count: 50
  • Total call count may vary: True

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /2.0/repositories?role=member
  • GET: /2.0/user/permissions/repositories
  • GET: /2.0/user/permissions/workspaces
  • HEAD: /2.0/repositories

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.