Never commit your Bitbucket Personal Access Token (PAT) to source control.

• Pass credentials through environment variables (BITBUCKET_URL, BITBUCKET_TOKEN) as shown in the README
• Restrict PAT permissions to the minimum required scopes
• Use BITBUCKET_READ_ONLY_MODE=true when write access is not needed
• Use secure credential storage where available

The published Docker image on Docker Hub uses the official Microsoft .NET runtime base image and is scanned for vulnerabilities via Docker Scout static scanning on every push.