Security Scanner for Confluence - Forge

FORGE

The Security Scanner for Confluence app is now available in Forge and qualifies for the "Runs on Atlassian" badge.


Scanning your Confluence Instance

Navigate to your admin area and find the Apps menu in the left-hand navigation column.

Public Access Scanner STANDARD

You will land on the Public Access Scanner tab of the app. Select Run Security Scanner to scan the site for publicly accessible content.

This will include spaces, pages, blogs and attachments.

Permissions Scanner STANDARD

Security Scanner also provides a bird's-eye view of permissions for any given project or space. Navigate to the Permissions Scanner tab and search for your desired space in Confluence. The scan will commence immediately. On completion, you will see a summary of the users and groups who have project/space access and a list of the users who have administrative access to that space or project.

Keyword Phrase Scanner ADVANCED COMING SOON

In the advanced version of Security Scanner for Confluence, we give users the ability to scan Confluence for keywords and phrases that contain sensitive information. Configure the keywords and phrases that pertain to your business to ensure the scan is accurate.

Configuration

Navigate to the Configuration tab under Keyword/Phrase Scanner and add each of your keywords in the input field. There is no need to add quotes around phrases or words as this is done in the background.

Please note that input values are sanitised for malicious content. For example:

<svg><g/onload=alert("Hello")//<p> will be sanitised to become <svg><g></g></svg>

<script>alert("Bye")</script> will be sanitised to become an empty string, and an error will be shown.

Keyword Scan

Once you’ve configured the words you need, switch over to the Keyword Scan tab and select “Run Keyword Scanner”.

The duration of this process may vary based on the number of configured keywords and phrases, as well as the size of your instance. The first 150 occurrences of each keyword are provided, and you can conveniently download them again as a CSV or JSON file.

Download reports

You can download the results of the Public Access Scanner in either PDF or JSON format, allowing you to utilise them as needed.

After a Permissions Scanner or Keyword / Phrase Scanner run, you can download the report as a CSV or JSON file.

Logs

After each scan, you can see a summary of the results by selecting View Logs.

Ask for help

In the original version of this app, we provided a way to ask for help from our team of experts directly. In order to achieve the Runs on Atlassian badge, we had to remove this functionality. Rest assured, our experts are always ready to help. Contact us directly on our website.