AI Code Review for Bitbucket Data Center: Setup Guide 2026

AI Code Review for Bitbucket Data Center: Setup Guide 2026

Bitbucket Data Center is Atlassian's self-managed enterprise Git platform. If you're running Data Center on-premise or in your private cloud, this guide shows you how to set up AI-powered code review with Git AutoReview, the only AI tool with full Bitbucket Data Center support.

TL;DR: Key Points

• Git AutoReview fully supports Bitbucket Data Center (most competitors skip Bitbucket entirely)
• Works behind corporate firewalls: outbound HTTPS only, no inbound connections
• Human-in-the-loop approval prevents AI hallucinations from reaching your PRs
• BYOK (Bring Your Own Key) means code goes directly to your AI provider (Anthropic, Google, OpenAI)
• Setup takes 10-15 minutes: install extension, configure connection, add API keys

Why AI Code Review for Bitbucket Data Center?

The Challenge: Most AI Tools Skip Bitbucket

Here's the frustrating reality for Bitbucket Data Center teams:

AI Tool	GitHub	GitLab	Bitbucket Cloud	Bitbucket Data Center
Git AutoReview	✅	🔜 Q1 2026	✅	✅ Full support
CodeRabbit	✅	✅	❌	❌
Qodo	✅	✅	⚠️ Limited	❌
GitHub Copilot	✅	❌	❌	❌
Sourcery	✅	✅	❌	❌

Git AutoReview is the only tool that fully supports Bitbucket Data Center.

Why Enterprise Teams Need AI Code Review

Time Savings:

• AI reviews complete in 10-60 seconds vs hours/days waiting for human reviewers
• 30-50% reduction in overall code review time
• Unblock PR bottlenecks during migrations or team growth

Quality Improvements:

• Catch 20-40% more bugs, security issues, and code smells
• Consistent review standards across all PRs
• Never miss obvious issues due to reviewer fatigue

Enterprise Requirements Met:

• Data privacy: BYOK means code goes directly to your AI provider
• Compliance: Works with SOC 2, ISO 27001, HIPAA requirements
• Network security: Outbound HTTPS only, no inbound connections
• Access control: Works with existing LDAP/SSO authentication

Git AutoReview Setup for Bitbucket Data Center

Follow these steps to deploy AI code review on your Data Center instance.

Prerequisites

Before starting, make sure you have:

• Bitbucket Data Center instance (any version 7.0+)
• VS Code installed (version 1.75 or later)
• Network access from developer machines to:
  • Your Bitbucket Data Center URL
  • AI provider endpoints (api.anthropic.com, generativelanguage.googleapis.com, or api.openai.com)
• Personal Access Token with REPO_READ and REPO_WRITE permissions

Step 1: Install Git AutoReview Extension

Open VS Code and install the extension:

Method A: Extension Marketplace

1. Open VS Code
2. Click Extensions icon (Cmd/Ctrl + Shift + X)
3. Search "Git AutoReview"
4. Click Install

Method B: Command Line

code --install-extension vitalii4reva.git-autoreview

Step 2: Generate Bitbucket Data Center Personal Access Token

Personal Access Tokens work with all authentication methods (SSO, LDAP, standard login).

1. Log in to Bitbucket Data Center (via your SSO/LDAP if applicable)
2. Navigate to User Settings → Click your profile icon → Settings
3. Go to Personal Access Tokens → Manage → Create a token
4. Configure token permissions:
   • ✅ REPO_READ (read repository and PR data)
   • ✅ REPO_WRITE (post review comments to PRs)
5. Copy the token (you won't see it again)

Security tip: Store the token securely. Git AutoReview uses VS Code's secure storage, so the token is encrypted on your machine.

Step 3: Configure Git AutoReview Connection

Open Git AutoReview settings in VS Code:

1. Open Command Palette (Cmd/Ctrl + Shift + P)
2. Type "Git AutoReview: Settings" and press Enter
3. Configure Bitbucket connection:
   • Platform: Select "Bitbucket Data Center"
   • Server URL: Enter your Data Center URL (e.g., https://bitbucket.yourcompany.com)
   • Access Token: Paste the Personal Access Token from Step 2
   • Repository: Select or manually enter your repository path

Example configuration:

Platform: Bitbucket Data Center
Server URL: https://bitbucket.acme-corp.com
Access Token: [your token]
Repository: PROJECT/repo-name

Step 4: Configure AI API Keys (BYOK)

Git AutoReview uses BYOK (Bring Your Own Key), which means your code is sent directly to your chosen AI provider, not stored on third-party servers.

Choose your AI provider(s):

Option A: Claude (Anthropic)

• Best for: Complex codebases, architectural reviews
• Get API key: console.anthropic.com
• Cost: ~$0.50-1.00 per review
• Privacy: Anthropic doesn't train on customer data

Option B: Gemini (Google AI)

• Best for: Speed, newer frameworks
• Get API key: aistudio.google.com
• Cost: ~$0.30-0.70 per review
• Privacy: Google Cloud privacy terms apply

Option C: GPT (OpenAI)

• Best for: Broad language support, security scanning
• Get API key: platform.openai.com
• Cost: ~$0.40-0.80 per review
• Privacy: Enterprise agreement available, opt-out of training

Add API keys in Git AutoReview settings:

1. Open Git AutoReview settings (Cmd/Ctrl + Shift + P → "Git AutoReview: Settings")
2. Navigate to AI Models section
3. Add API keys for chosen providers
4. (Optional) Enable multiple models to run in parallel

Alternative: Use Git AutoReview's included credits on Team/Enterprise plans, no separate API key needed.

Step 5: Test the Setup

Verify everything works:

1. Open Git AutoReview panel in VS Code (sidebar icon)
2. Select a pull request from the list
3. Click "Review with AI"
4. Choose AI model (Claude, Gemini, or GPT)
5. Wait 10-60 seconds for AI analysis
6. Review AI suggestions (shown as drafts in VS Code)
7. Approve, edit, or reject each suggestion
8. Click "Publish to Bitbucket" to post approved comments to the PR

If you see AI suggestions in VS Code, setup is complete!

Configuration Best Practices for Data Center

Network Security

Firewall Configuration:

Git AutoReview requires outbound HTTPS only, no inbound connections.

Whitelist these endpoints:

api.anthropic.com (port 443) — for Claude
generativelanguage.googleapis.com (port 443) — for Gemini
api.openai.com (port 443) — for GPT

Your Bitbucket Data Center doesn't need to be publicly accessible. Git AutoReview runs on developer machines, which connect to:

1. Your internal Data Center instance (internal network)
2. AI providers (outbound internet)

Proxy Configuration:

If your developers use a corporate proxy:

1. Configure proxy in VS Code settings (Settings → Proxy)
2. Git AutoReview uses VS Code's proxy automatically
3. Test connection to AI provider APIs through proxy

Authentication Integration

SSO/LDAP Compatibility:

Personal Access Tokens work with all authentication methods:

• ✅ SAML SSO (Okta, Azure AD, etc.)
• ✅ LDAP (Active Directory, OpenLDAP)
• ✅ OAuth custom providers
• ✅ Standard Bitbucket authentication

Token Rotation:

For security compliance:

1. Rotate tokens quarterly (or per policy)
2. Revoke old tokens when team members leave
3. Use short expiration if supported by your Data Center version

AI Model Selection

Single Model vs Multi-Model:

Single Model Approach:

• Choose one AI provider (Claude, Gemini, or GPT)
• Faster reviews (10-30 seconds)
• Lower cost (one API call per review)

Multi-Model Approach:

• Run Claude + Gemini + GPT in parallel
• Compare suggestions side-by-side
• Approve best suggestions from each model
• Higher quality (catches more issues)
• Higher cost (3x API calls)

Recommendation: Start with a single model (Claude for complex code, GPT for speed), then add multi-model for critical PRs.

Review Scope Configuration

File Types:

Exclude files that don't need review:

Include: *.js, *.ts, *.py, *.java, *.go
Exclude: *.test.js, *.spec.ts, package-lock.json, yarn.lock

Directories:

Skip vendor code and generated files:

Exclude:
  - node_modules/
  - vendor/
  - dist/
  - build/
  - .next/

PR Size Limits:

Skip very large PRs to save costs:

Max files: 50
Max lines changed: 1000

Large refactors can be reviewed in chunks.

Security and Compliance Considerations

Data Privacy with BYOK

Where does your code go?

With BYOK (Bring Your Own Key):

1. Developer machine → AI Provider API (direct connection)
2. Code is analyzed in-flight (not stored by AI provider)
3. Git AutoReview acts as pass-through (no code storage)

Git AutoReview does NOT:

• ❌ Store your code
• ❌ Log code snippets
• ❌ Train AI models on your data
• ❌ Share code with third parties

AI Provider Privacy:

• Anthropic (Claude): No training on customer data per enterprise privacy policy
• Google AI (Gemini): Google Cloud privacy terms apply
• OpenAI (GPT): Enterprise agreement available with opt-out of training

Compliance Framework Support

SOC 2 Type II:

• BYOK ensures code goes to SOC 2-certified providers
• Human-in-the-loop prevents automated changes
• Audit trail via Git AutoReview logs

ISO 27001:

• Code processing at certified providers (Anthropic, Google, OpenAI)
• No third-party code storage
• Access control via Bitbucket permissions

HIPAA (Healthcare):

• Use Anthropic or Google AI with BAA (Business Associate Agreement)
• Avoid OpenAI for PHI unless covered by enterprise agreement
• Self-hosted AI (local LLMs) coming in 2026 roadmap

GDPR (EU Data Protection):

• Code review doesn't typically involve personal data
• If test data includes names/emails, ensure AI provider has GDPR DPA
• Data residency: choose AI provider with EU data processing

Access Control

Who can use AI code review?

Access follows Bitbucket repository permissions:

• Developers with REPO_READ can run AI reviews
• Only users with REPO_WRITE can post comments to PRs

Audit trail:

• All AI-generated comments are posted under developer's Bitbucket account
• Git AutoReview logs (local) track which reviews were run
• Bitbucket audit logs show all PR activity

Integrating with Existing Workflows

Jira Integration

Git AutoReview integrates with Jira to verify acceptance criteria:

How it works:

1. Link Jira ticket in PR title or branch name (e.g., PROJ-1234-add-auth)
2. Git AutoReview fetches the Jira ticket
3. AI analyzes if code changes meet acceptance criteria
4. You get a verification report before approving the PR

Example output:

Jira Ticket: INFRA-456 - Implement Redis caching

Acceptance Criteria Analysis:
✅ AC1: Add Redis client configuration — Implemented in config/redis.ts
✅ AC2: Cache user sessions — Implemented in middleware/session.ts
⚠️ AC3: Add cache invalidation on user update — Not found in PR

Recommendation: Add cache invalidation or update ticket scope.

Setup:

1. Connect Atlassian account in Git AutoReview settings
2. Grant Jira read permissions
3. Git AutoReview automatically detects linked tickets

CI/CD Pipeline Integration

Git AutoReview vs CI/CD:

Approach	When	Who Reviews
Manual (Git AutoReview)	Developer runs before pushing	PR author
CI/CD Integration	Auto-runs on PR creation	Automated

Current state: Git AutoReview is a manual VS Code extension (developer-triggered).

Coming soon: Bitbucket Pipelines integration (auto-run on PR creation).

Workaround: Add to team workflow:

1. Developer creates PR
2. Developer runs Git AutoReview
3. Developer approves/publishes AI suggestions
4. Developer requests human review

Existing Code Review Process

Hybrid workflow (Human + AI):

Before AI:

1. Developer creates PR
2. Waits for human reviewer (hours to days)
3. Human reviewer finds issues
4. Developer fixes, repeat

With AI (recommended):

1. Developer creates PR
2. Runs AI review (10-60 seconds)
3. Fixes issues AI caught
4. Requests human review (fewer issues remain)
5. Human reviewer focuses on architecture/business logic

Result: 30-50% faster reviews with higher quality and less reviewer fatigue.

Troubleshooting Common Issues

Issue: Cannot Connect to Bitbucket Data Center

Symptoms:

• "Connection refused" error
• "Unable to reach Bitbucket server"

Solutions:

1. Verify URL: Ensure you're using the load balancer URL (not individual node IPs)
2. Check VPN: If Data Center is internal-only, connect to VPN first
3. Test connectivity: Run curl https://bitbucket.yourcompany.com from terminal
4. Certificate issues: If using self-signed SSL, configure VS Code to accept it

Issue: AI API Calls Failing

Symptoms:

• "API request failed"
• "Network error"

Solutions:

1. Check firewall: Whitelist api.anthropic.com, generativelanguage.googleapis.com, and api.openai.com
2. Test API key: Run test request from terminal:

   curl -H "Authorization: Bearer YOUR_API_KEY" https://api.anthropic.com/v1/messages
   

3. Proxy settings: Configure proxy in VS Code if required
4. API quota: Check AI provider dashboard for rate limits

Issue: Personal Access Token Rejected

Symptoms:

• "Authentication failed"
• "Invalid token"

Solutions:

1. Verify permissions: Token needs REPO_READ + REPO_WRITE
2. Check expiration: Tokens may have expiration dates
3. Regenerate token: Create new token if old one is revoked
4. SSO session: If using SSO, ensure you're logged in when creating token

Issue: AI Suggestions Not Appearing

Symptoms:

• Review completes but no suggestions shown

Solutions:

1. Check PR size: Very small PRs may have no issues
2. File types: Ensure files are in included list (not excluded)
3. Review scope: Check if directories/files are excluded by config
4. Model response: Check Git AutoReview logs for AI model errors

Cost Optimization

API Usage Estimates

Typical costs per review (based on average PR size of 200 lines):

AI Model	Cost per Review	Cost per 100 Reviews	Cost per 1000 Reviews
Claude (Anthropic)	$0.50-1.00	$50-100	$500-1000
Gemini (Google AI)	$0.30-0.70	$30-70	$300-700
GPT (OpenAI)	$0.40-0.80	$40-80	$400-800

For a team of 20 developers:

• 5 PRs per developer per week = 100 PRs/week
• 400 PRs/month
• Monthly cost: $120-400 (varies by AI model and PR size)

Cost-Saving Strategies

1. Use selective review:

• Run AI on critical PRs only (security, core features)
• Skip trivial PRs (typo fixes, config tweaks)

2. Optimize review scope:

• Exclude test files, docs, generated code
• Set max PR size limits

3. Choose cost-effective models:

• Gemini for speed and lower cost
• Claude for complex PRs only
• GPT for security-focused reviews

4. Use included credits:

• Git AutoReview Team plan includes credits
• No separate API billing for small teams

Next Steps

You now have AI code review running on Bitbucket Data Center. Here's what to do next:

Week 1: Pilot Testing

• Run AI reviews on 10-20 PRs
• Collect feedback from pilot team
• Calibrate which AI suggestions are valuable vs noise

Week 2-4: Team Rollout

• Train entire engineering team
• Document team conventions (when to use AI review)
• Monitor usage and costs

Month 2+: Optimization

• Adjust review scope based on feedback
• Rotate Personal Access Tokens (security)
• Measure time savings and bug catch rate

Frequently Asked Questions

Does Git AutoReview work with clustered Data Center?

Yes. Use your load balancer URL (not individual node IPs). Git AutoReview connects through the load balancer, which distributes requests across nodes.

Can I use Git AutoReview with SSO/LDAP?

Yes. Use Personal Access Tokens, which work with all authentication methods (SAML, LDAP, OAuth).

Is my code sent to Git AutoReview servers?

No. With BYOK, your code goes directly from VS Code to your AI provider (Anthropic, Google, or OpenAI). Git AutoReview acts as a pass-through.

What if my Data Center is completely offline (air-gapped)?

Current version requires internet access to AI providers. Self-hosted AI (local LLMs) is on the 2026 roadmap for air-gapped environments.

How do I handle firewall rules for AI APIs?

Whitelist outbound HTTPS (port 443) to: api.anthropic.com, generativelanguage.googleapis.com, api.openai.com. No inbound connections needed.

Can multiple developers use the same Personal Access Token?

No. Each developer should generate their own token. This ensures proper audit trails (comments are posted under the developer's account).

Does Git AutoReview support Bitbucket Data Center plugins?

Git AutoReview is a VS Code extension (not a Bitbucket plugin). It works alongside your existing Data Center plugins without conflicts.

How is this different from Bitbucket Cloud?

Setup is nearly identical. Main difference: Data Center uses Personal Access Tokens (not OAuth), and you configure your Data Center URL (not bitbucket.org).

Related Resources

Setup Guides:

• Bitbucket Server AI Code Review Setup Guide — Complete guide for Server, Data Center, and Cloud
• Bitbucket Cloud vs Data Center Comparison — Which platform is right for you?
• AI Code Review for Bitbucket — Why most tools skip Bitbucket

Landing Pages:

• Bitbucket AI Code Review — Full feature overview
• Pricing — Git AutoReview plans