Please make sure the rules you add aren’t too broad, as they can impact the performance of Bitbucket.

With Security for Bitbucket you can create custom security rules with regular expressions and have the hook scan code using those regexes. The rules can only be made by Bitbucket Administrators, and can only be enabled and disabled by admistrators.

To create a rule, go to Administration → Security for Bitbucket Server → Security Validation Rules → Custom Rules

Our application uses the built-in JDK java regex library (Java 7), which you can compare to other regex engines here.

If a secret that's being committed matches more than one regex, only the first match will be reported

Here are some example rules:

Bitcoin Address

^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$	
JAVA

Youtube Links

<a\s+(?:[^>]*)href=\"((?:https|http):\/\/\w{0,3}.youtube+\.\w{2,3}\/watch\?v=[\w-]{11})">(?:.*?)<\/a>
CODE