Bitbucket Server AI Code Review Setup Guide for Enterprise Teams
Full guide to setting up AI-powered code review for Bitbucket Server, Data Center, and Cloud. Navigate the Server EOL migration, choose between Cloud and Data Center, and deploy AI code review with enterprise-grade security.
What does Bitbucket Server end of life mean for your team?
On February 15, 2024, Atlassian officially ended support for Bitbucket Server. This means no more security updates, bug fixes, or feature releases. If you're still running Bitbucket Server, you're operating with increasing security risk.
Critical: No Security Patches
Since February 2024, Atlassian has stopped releasing security patches for Bitbucket Server. Any newly discovered vulnerabilities will not be fixed. Running unpatched software in production violates most compliance frameworks (SOC 2, ISO 27001, GDPR).
What This Means for Your Team
No security updates: New CVEs will not be patched
No bug fixes: Existing issues remain unfixed
No compatibility updates: New Git features won't be supported
Limited vendor support: Atlassian support teams cannot help with Server issues
Compliance risk: Running EOL software may violate audit requirements
Migration Timeline
Atlassian provided a 2-year migration window (announced Feb 2022, EOL Feb 2024). If you haven't migrated yet, you should prioritize this immediately. Most organizations take 3-6 months to complete a full migration from Server to Cloud or Data Center.
Should you migrate to Bitbucket Cloud or Data Center?
Atlassian offers two migration paths from Bitbucket Server. Your choice depends on control requirements, compliance needs, budget, and technical resources.
| Feature | Bitbucket Cloud | Bitbucket Data Center | Bitbucket Server |
| --- | --- | --- | --- |
| Deployment | Atlassian-hosted SaaS | Self-managed (on-premise or cloud IaaS) | Self-managed (deprecated) |
| Availability | 99.9% SLA | Custom (you manage) | EOL Feb 2024 |
| Pricing Model | Per user/month | Annual license + hosting costs | N/A (discontinued) |
| AI Code Review | ✅ Git AutoReview | ✅ Git AutoReview | ✅ Git AutoReview (until your migration) |
| Data Residency | Atlassian regions | Your infrastructure | Your infrastructure |
| Customization | Limited (no plugins) | Full (plugins, custom integrations) | Full (deprecated) |
| Compliance | SOC 2, ISO 27001 (Atlassian) | Your responsibility | Your responsibility |
Choose Bitbucket Cloud if:
You want Atlassian to manage infrastructure and security
You don't need custom plugins or deep customization
Your compliance requirements allow SaaS deployments
You want predictable per-user pricing
You have a small to medium team (Cloud works for large teams too)
Choose Bitbucket Data Center if:
You need on-premise deployment for data residency
You require custom plugins or integrations
You have strict compliance requirements (HIPAA, FedRAMP, etc.)
You want full control over infrastructure and performance
You need high availability with clustering
Pro Tip: Start with Cloud
Most teams should start with Bitbucket Cloud unless they have specific Data Center requirements. Cloud is faster to deploy, easier to maintain, and includes built-in disaster recovery. You can always migrate from Cloud to Data Center later if requirements change.
During a migration, your team is already under pressure. Code review bottlenecks slow down delivery. AI code review can maintain (or improve) code quality while reducing review time by 30-50%.
The Bitbucket AI Gap
Here's the problem: most AI code review tools don't support Bitbucket. CodeRabbit, the most popular AI review tool, only supports GitHub and GitLab. Qodo has limited Bitbucket support. GitHub Copilot doesn't work with Bitbucket at all.
Git AutoReview was built for Bitbucket from day one. It works with Cloud, Server, and Data Center. It integrates with Jira for acceptance criteria verification, and uses human-in-the-loop approval so you control what AI publishes.
Benefits During Migration
Maintain Quality
AI catches bugs, security issues, and style violations while your team focuses on migration. Quality doesn't drop during the transition.
Reduce Review Burden
Senior engineers can focus on migration planning while AI handles routine review feedback. Junior engineers get faster feedback without waiting for human reviewers.
Smooth Transition
Configure Git AutoReview once for Server, then update connection settings when you migrate to Cloud or Data Center. The review workflow stays the same.
Enterprise Security
BYOK (Bring Your Own Key) means your code goes directly to Anthropic, Google, or OpenAI — not stored on third-party servers. Meets SOC 2, ISO 27001, GDPR requirements.
How do you set up AI code review on Bitbucket Server?
If you're still running Bitbucket Server (pre-migration), Git AutoReview will work until you complete your migration to Cloud or Data Center.
Reminder: Server EOL
Bitbucket Server reached end of life in February 2024. Plan your migration to Cloud or Data Center as soon as possible. Git AutoReview supports all three platforms.
Step-by-Step Setup
1. Install Git AutoReview VS Code Extension
Open VS Code → Extensions → Search "Git AutoReview" → Install. Requires VS Code 1.75 or later.
ext install vitalii4reva.git-autoreview
2. Generate Bitbucket Server Personal Access Token
In Bitbucket Server: User Settings → Personal Access Tokens → Create Token
Required permissions:
REPO_READ - Read repository and pull request data
REPO_WRITE - Post review comments to pull requests
3. Configure Git AutoReview for Server
Open Git AutoReview settings in VS Code (Cmd/Ctrl + Shift + P → "Git AutoReview: Settings")
Platform: Select "Bitbucket Server"
Server URL: Enter your Server URL (e.g., https://bitbucket.yourcompany.com)
Access Token: Paste the Personal Access Token from step 2
Repository: Select or enter your repository path
4. Add AI API Keys (BYOK)
Configure your API keys for Claude, Gemini, or GPT:
Claude (Anthropic): Get API key from console.anthropic.com
Gemini (Google AI): Get API key from aistudio.google.com
GPT (OpenAI): Get API key from platform.openai.com
Or use Git AutoReview's included credits on paid plans (no separate API key needed).
5. Review Your First Pull Request
In VS Code Git AutoReview panel:
Select a pull request from the list
Click "Review with AI"
Choose which AI model(s) to run (or run all three)
Review AI suggestions (shown as drafts in VS Code)
Approve, edit, or reject each suggestion
Click "Publish to Bitbucket" to post approved comments to the PR
Pro Tip: Network Configuration
Bitbucket Server often runs behind corporate firewalls. Ensure VS Code can reach: (1) Your Bitbucket Server URL (internal network), and (2) AI provider APIs (external: api.anthropic.com, generativelanguage.googleapis.com, api.openai.com). Whitelist these domains in your firewall if needed.
How do you set up AI code review on Bitbucket Data Center?
Bitbucket Data Center is Atlassian's self-managed enterprise solution. Git AutoReview supports Data Center deployments, including clustered configurations and custom authentication.
Setup Process (Similar to Server)
The setup process for Data Center is nearly identical to Server (see above). The key differences:
Data Center URL Configuration
Use your Data Center load balancer URL (not individual node URLs):
https://bitbucket-dc.yourcompany.com
Git AutoReview will connect through your load balancer, which distributes requests across Data Center nodes. This ensures high availability.
SSO and LDAP Authentication
If your Data Center uses SSO (SAML, OAuth) or LDAP, use Personal Access Tokens instead of password authentication:
Log in to Bitbucket Data Center (via SSO/LDAP)
Navigate to Settings → Personal Access Tokens
Create a token with REPO_READ and REPO_WRITE permissions
Use this token in Git AutoReview settings
Personal Access Tokens work with all authentication methods.
Proxy and VPN Configuration
If your Data Center is only accessible via VPN or proxy:
Ensure VS Code can reach Bitbucket through your VPN
Configure VS Code proxy settings if needed (Settings → Proxy)
Whitelist AI provider APIs for outbound connections (see firewall section below)
You'll be prompted to authenticate with your Atlassian account via OAuth. This is simpler than Personal Access Tokens and grants appropriate permissions automatically.
3. Select Repository
After authentication, select your Bitbucket Cloud workspace and repository from the dropdown.
4. Configure AI Models
Add your API keys for Claude, Gemini, or GPT — or use included credits on Team/Enterprise plans.
5. Start Reviewing
Select a pull request → Review with AI → Approve suggestions → Publish to Bitbucket
Cloud Advantage: No Network Config
Unlike Server/Data Center, Bitbucket Cloud requires no firewall rules, VPN setup, or proxy configuration. It's publicly accessible and works from any network.
What are best practices for Bitbucket AI code review?
Optimize your Git AutoReview configuration for enterprise use.
Use BYOK for Cost Control and Privacy
Bring Your Own Key (BYOK) means using your own API keys from Anthropic, Google, or OpenAI. Benefits:
Privacy: Code goes directly to your AI provider, not stored by Git AutoReview
Cost control: Pay only for actual usage (typical cost: $0.50-$2.00 per review)
No vendor lock-in: Switch AI providers anytime without changing tools
Compliance: Easier to meet SOC 2, ISO 27001, GDPR requirements
Choose the Right AI Model
Different models excel at different tasks:
Claude (Anthropic): Best for complex codebases and architectural reviews. Excellent at understanding context. Slightly slower but higher quality.
Gemini (Google AI): Good balance of speed and quality. Strong on newer frameworks and libraries.
GPT (OpenAI): Fast and broad language support. Good for quick feedback loops.
Pro tip: Run multiple models in parallel and compare results. Git AutoReview shows side-by-side comparisons so you can approve the best suggestions from each model.
Configure Review Scope
Tailor what AI reviews:
File types: Include/exclude by extension (.js, .py, .java, etc.)
Directories: Skip test files, generated code, vendor dependencies
PR size limits: Skip very large PRs (1000+ line changes) to save costs
Review focus: Prioritize security, bugs, performance, or style
Set Up Team Conventions
Establish team-wide standards for using AI review:
When to use AI review (all PRs vs critical PRs only)
Who reviews AI suggestions (PR author vs dedicated reviewer)
How to handle disagreements with AI (the human decision always wins)
What feedback is "noise" vs valuable (calibrate over time)
What security and compliance issues affect Bitbucket AI review?
Enterprise teams must evaluate AI code review against compliance frameworks and security policies.
Data Privacy with BYOK
With BYOK (Bring Your Own Key), your code is sent directly to your AI provider:
Anthropic (Claude): Enterprise privacy policy, no training on customer data
Google AI (Gemini): Google Cloud privacy terms apply
OpenAI (GPT): Enterprise agreement available, opt-out of training
Git AutoReview does not store, log, or train on your code. It passes code directly from VS Code to your AI provider and back.
Firewall and Network Requirements
For Bitbucket Server/Data Center deployments, whitelist these outbound HTTPS endpoints: api.anthropic.com, generativelanguage.googleapis.com, api.openai.com.
No inbound connections required. Git AutoReview only makes outbound calls. Your Bitbucket instance doesn't need to be publicly accessible.
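To confirm the allowlist behaves as intended, the following added example (not part of Git AutoReview or Atlassian tooling) reads proxy log lines and reports which workstations reached which AI provider. It assumes a Squid proxy with the native access.log layout and an organisation-approved provider set; the log lines are constructed.

```python
from urllib.parse import urlsplit

# The three outbound endpoints this guide lists, mapped to their provider.
AI_ENDPOINTS = {
    "api.anthropic.com": "Anthropic",
    "generativelanguage.googleapis.com": "Google AI",
    "api.openai.com": "OpenAI",
}

# Constructed proxy log lines in Squid's native access.log layout (assumed proxy).
SAMPLE_LOG = """\
1736935200.101    312 10.20.1.15 TCP_TUNNEL/200 18234 CONNECT api.anthropic.com:443 - HIER_DIRECT/203.0.113.10 -
1736935260.442      0 10.20.1.22 TCP_DENIED/403 3920 CONNECT api.openai.com:443 - HIER_NONE/- text/html
1736935320.870    287 10.20.1.31 TCP_TUNNEL/200 9120 CONNECT generativelanguage.googleapis.com:443 - HIER_DIRECT/203.0.113.20 -
1736935380.015    140 10.20.1.15 TCP_TUNNEL/200 5100 CONNECT bitbucket.yourcompany.com:443 - HIER_DIRECT/10.20.0.5 -
""".splitlines()


def host_of(target):
    """Squid logs CONNECT targets as host:port and other requests as full URLs."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.rsplit(":", 1)[0].lower()


def review_egress(log_lines, approved_providers):
    """Return sorted (client_ip, provider, status) tuples for AI-provider traffic.

    blocked    -> the proxy denied it (add an allowlist entry if the provider is approved)
    approved   -> allowed, and the provider is on the organisation's list
    unapproved -> allowed, but the provider is not on the organisation's list
    """
    seen = set()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # not a complete access.log record
        client, result, target = fields[2], fields[3], fields[6]
        provider = AI_ENDPOINTS.get(host_of(target))
        if provider is None:
            continue  # e.g. traffic to the Bitbucket instance itself
        if result.startswith("TCP_DENIED"):
            status = "blocked"
        elif provider in approved_providers:
            status = "approved"
        else:
            status = "unapproved"
        seen.add((client, provider, status))
    return sorted(seen)

if __name__ == "__main__":
    for row in review_egress(SAMPLE_LOG, approved_providers={"Anthropic"}):
        print(*row)
```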
Compliance Framework Support
Git AutoReview supports common enterprise compliance requirements:
SOC 2 Type II: With BYOK, data flows to SOC 2-certified AI providers (Anthropic, Google, OpenAI). Human-in-the-loop prevents automated changes.
ISO 27001: BYOK ensures code processing happens at certified providers. No code storage reduces information security risk.
GDPR: Code review doesn't typically involve personal data. If it does (e.g., customer names in test data), ensure your AI provider has a GDPR-compliant DPA.
HIPAA: For healthcare teams, use Anthropic or Google AI with a BAA (Business Associate Agreement). Avoid OpenAI for PHI unless covered by an enterprise agreement.
Access Control Best Practices
Use Personal Access Tokens with minimal required permissions (REPO_READ, REPO_WRITE)
Rotate tokens quarterly or when team members leave
Store tokens securely (VS Code secure storage, not in source control)
Audit who has Git AutoReview access (matches Bitbucket repository access)
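One way to check a token inventory against these practices (the two listed scopes, quarterly rotation, removal when people leave), as an added example that is not part of Git AutoReview or Bitbucket. The record fields (`name`, `owner`, `permissions`, `createdDate` in epoch milliseconds) are an assumed export shape, and the sample inventory is constructed.

```python
from datetime import datetime, timedelta, timezone

# Scopes the guide asks for. The allowed set and the 90-day limit are policy
# parameters of this example, not Git AutoReview or Bitbucket settings.
ALLOWED_SCOPES = {"REPO_READ", "REPO_WRITE"}
MAX_AGE = timedelta(days=90)  # "rotate quarterly"


def audit_tokens(tokens, active_users, now):
    """Return {token_name: [findings]} for tokens that break the policy."""
    report = {}
    for tok in tokens:
        findings = []
        extra = set(tok["permissions"]) - ALLOWED_SCOPES
        if extra:
            findings.append("excess scopes: " + ", ".join(sorted(extra)))
        created = datetime.fromtimestamp(tok["createdDate"] / 1000, tz=timezone.utc)
        age = now - created
        if age > MAX_AGE:
            findings.append(f"rotation overdue: {age.days} days old")
        if tok["owner"] not in active_users:
            findings.append("owner no longer on the team")
        if findings:
            report[tok["name"]] = findings
    return report


def ms(year, month, day):
    """Epoch milliseconds for a UTC date (the unit assumed for createdDate)."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)


# Constructed sample inventory; names, owners and dates are made up.
SAMPLE_TOKENS = [
    {"name": "autoreview-alice", "owner": "alice", "createdDate": ms(2024, 12, 1),
     "permissions": ["REPO_READ", "REPO_WRITE"]},
    {"name": "autoreview-bob", "owner": "bob", "createdDate": ms(2024, 6, 1),
     "permissions": ["REPO_READ", "REPO_WRITE"]},
    {"name": "ci-legacy", "owner": "carol", "createdDate": ms(2025, 1, 2),
     "permissions": ["PROJECT_ADMIN", "REPO_ADMIN"]},
]

if __name__ == "__main__":
    now = datetime(2025, 1, 15, tzinfo=timezone.utc)
    for name, findings in audit_tokens(SAMPLE_TOKENS, {"alice", "bob"}, now).items():
        print(name, "->", "; ".join(findings))
```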
Important: Review Your Organization's Policies
Some organizations prohibit sending code to third-party AI providers. Check with your security/compliance team before deploying AI code review. Self-hosted AI support (running LLMs on your infrastructure) is on Git AutoReview's 2026 roadmap.
How do you migrate your code review workflow?
When you migrate from Bitbucket Server to Cloud or Data Center, your code review process will change. Here's how to integrate AI review into your new workflow.
Before Migration: Server Workflow
Set up Git AutoReview for Bitbucket Server
Run AI reviews on PRs during normal workflow
Collect feedback from team on AI review quality
Calibrate which AI suggestions are valuable vs noise
During Migration: Transition Period
If you're doing a phased migration (some repos on Server, some on Cloud/DC):
Git AutoReview can connect to multiple Bitbucket instances simultaneously
Configure separate connections for Server and Cloud/Data Center
Switch between instances in the VS Code panel
Review workflow stays consistent across both platforms
After Migration: Cloud/Data Center Workflow
Update Git AutoReview connection settings to point to Cloud or Data Center
Test OAuth flow (Cloud) or Personal Access Token (Data Center)
Verify AI reviews work on new platform
Continue existing review conventions
Pro Tip: Test Before Full Migration
Set up a pilot repository on Cloud or Data Center before migrating your entire organization. Test the AI review workflow on the new platform with a small team. Identify any issues before committing to full migration.
What does a Bitbucket enterprise deployment checklist include?
Use this checklist to ensure a successful Git AutoReview deployment for Bitbucket.
Pre-Deployment
Verify Bitbucket platform (Server, Data Center, or Cloud)
Check security/compliance approval for AI code review
Choose AI provider (Anthropic, Google, or OpenAI)
Obtain API keys or budget for included credits
Whitelist AI provider endpoints in firewall (Server/DC only)
Initial Setup
Install Git AutoReview VS Code extension on pilot team's machines
Configure Bitbucket connection (Server URL or Cloud OAuth)
Generate and securely store Personal Access Tokens (Server/DC)
Add AI API keys or configure included credits
Test connection on a sample pull request
Pilot Phase
Run AI reviews on 10-20 PRs to calibrate quality
Collect feedback from pilot team on AI suggestions
Adjust review scope (file types, directories to include/exclude)
Document team conventions for AI review usage
Measure time savings and bug catch rate
Full Rollout
Train entire engineering team on Git AutoReview workflow
Set up team subscription (Team or Enterprise plan)
Roll out to all repositories or selected high-priority repos
Monitor usage and feedback in first 30 days
Iterate on configuration based on team feedback
Ongoing Maintenance
Rotate Personal Access Tokens quarterly
Review AI API usage and costs monthly
Update team conventions as AI models improve
Audit access when team members change
Stay updated on Git AutoReview feature releases
Frequently Asked Questions
Does Git AutoReview work with Bitbucket Server?
Yes. Git AutoReview supports Bitbucket Server until your migration is complete. Since Bitbucket Server reached end of life in February 2024, we recommend migrating to Bitbucket Cloud or Data Center soon. Git AutoReview works with all three platforms.
What happens after Bitbucket Server end of life?
Atlassian stopped releasing updates, bug fixes, and security patches for Bitbucket Server in February 2024. Your instance still runs, but you won't get security updates, making it increasingly risky. Atlassian recommends migrating to Cloud or Data Center. Git AutoReview continues to work with Server instances during your migration period.
Is AI code review secure for enterprise use?
Yes, when implemented correctly. Git AutoReview uses BYOK (Bring Your Own Key), meaning your code is sent directly to your chosen AI provider (Anthropic, Google, or OpenAI) — not stored on third-party servers. With Data Center deployments, you control the entire infrastructure. Human-in-the-loop approval ensures no AI suggestions reach your PRs without review.
Can I use my own API keys with Bitbucket?
Yes! Git AutoReview supports BYOK (Bring Your Own Key) for Claude (Anthropic), Gemini (Google AI), and GPT (OpenAI) on all plans. This gives you full cost control and ensures your code goes directly to your AI provider. No code is stored by Git AutoReview.
Does Git AutoReview support Bitbucket Data Center?
Yes. Git AutoReview fully supports Bitbucket Data Center, including on-premise deployments, custom authentication (SSO, LDAP), and network configurations. It works behind firewalls and integrates with Jira for ticket context.
What's the difference between Bitbucket Cloud and Data Center?
Cloud is Atlassian's SaaS offering (hosted by them). Data Center is self-managed enterprise software you host on your infrastructure. Cloud is simpler but less customizable. Data Center gives you full control, supports plugins, and meets strict data residency requirements. Git AutoReview works with both.
How do I migrate from Bitbucket Server to Data Center?
Use Atlassian's official migration tools. Export your Server data, provision Data Center infrastructure, import the data, and test. Git AutoReview works throughout the migration — configure it for Server initially, then update the connection to Data Center after migration. The review workflow stays the same.
Can AI code review work behind a corporate firewall?
Yes. Git AutoReview only requires outbound HTTPS connections to AI providers (Anthropic, Google, OpenAI). No inbound connections needed. Whitelist these API endpoints in your firewall: api.anthropic.com, generativelanguage.googleapis.com, api.openai.com. Works with proxy servers and VPN configurations.
Start AI Code Review for Bitbucket Today
Install Git AutoReview free from the VS Code Marketplace. Full support for Bitbucket Cloud, Server, and Data Center. Human-in-the-loop approval, multi-model AI, and BYOK on all plans.