Heres a list of current vulnerabilities that are detected by Security for Bitbucket Server:

Common KeysSupported
EC keys
SUPPORTED
Generic secret
SUPPORTED
Generic API keys (most general hash that an API key will match with)
SUPPORTED
PKCS8 (private keys generally used on unix machines)
SUPPORTED
Generic API keys (most general hash that an API key will match with)
SUPPORTED
SSH keys
SUPPORTED
Passwords in URL's
SUPPORTED
PGP keys
SUPPORTED
PKCS8 (private keys generally used on unix machines)
SUPPORTED
Password detection (people storing passwords in plain text)SUPPORTED
Custom key and pattern detection through advanced regex useSUPPORTED
API KeysSupported
AWS client ID's
SUPPORTED
AWS secret keys
SUPPORTED
AWS MWS keys
SUPPORTED
Facebook secret keys
SUPPORTED
Facebook client ID's
SUPPORTED
Facebook access tokens
SUPPORTED
Github keys
SUPPORTED
Google API key
SUPPORTED
Google Cloud Platform API key
SUPPORTED
Google OAUTH access token
SUPPORTED
Heroku API key
SUPPORTED
LinkedIn client ids
SUPPORTED
Mailchimp API key
SUPPORTED
Mailgun API key
SUPPORTED
Paypal BrainTree access tokens
SUPPORTED
Picatic API keys
SUPPORTED
Slack keys
SUPPORTED
Slack webhooks
SUPPORTED
Square access tokens
SUPPORTED
Square Oauth secrets
SUPPORTED
Stripe API key
SUPPORTED
Twilio API key
SUPPORTED
Twitter client ID's
SUPPORTED
Twitter secret keys
SUPPORTED