Atlassian App || Security App for Confluence || Documentation

Introduction

Sensitive information such as API keys, passwords, and access credentials is often unintentionally stored in Confluence pages and blog posts. This poses significant security risks, as such data can be exploited by malicious actors. To address this, the Security for Confluence initiative integrates automated scanning and detection capabilities directly within Confluence to prevent, mitigate, and manage the exposure of sensitive information.

App Installation

Step 1: Log in to Confluence as a Jira administrator. Go to Administration -> Add-on -> Find Add-on.

Step 2: Find "ConfiSecure" and click "Install".

ConfiSecure Process Steps

Step 1: Go to Jira Home -> Click on the Apps drop-down -> Click on "ConfiSecure."

After selecting "ConfiSecure," the application view is displayed, providing the interface for interacting with the tool.

A popup message stating "Authentication Required" will appear; it disappears after 3 seconds.

Step 2: Click on App settings to proceed with the Authorization.

Step 3: Once you click on Authorization, a page appears where you enter the email and API token for validation.

Step 4: To validate the authorization, provide your 'Email ID' and 'API Token' and click on the "Validate" button.

Step 5: Upon clicking the "Validate" button, if both the Email ID and API token are valid, a success flag message will be displayed confirming that the API token is valid. The user will then be redirected to the main dashboard page.

The main dashboard page will display a table containing the counts of space and page security rule findings.

If a space is newly created, its status will be displayed as "Unscanned," and no findings will be shown for it.

When the "Scan-All" button is clicked, all spaces will be scanned, their findings will be displayed, and their status will be updated to "Scanned." Similarly, individual spaces can also be scanned by selecting and scanning them individually.

Step 6: The dashboard incorporates pagination to display spaces, presenting 10 records per page. Users can navigate through the pages effortlessly to access additional spaces and their associated details, as illustrated in the image below.

Configure Keyword for Security

Enabling and Disabling Global Detection keywords

With Security for Confluence, you can manage detection rules to suit the specific needs of your organization. Predefined rules are available within the global detection settings; any rule that is not relevant to your requirements can be disabled, and the list of global detection keywords can be filtered.

Defining Custom Detection Keywords

Security for Confluence also provides the flexibility to create custom scanning rules using regular expressions. Users can define a custom rule by entering a rule name and adding it with a simple click of the "Add" button. Additionally, custom rules can be removed at any time by clicking the "Delete" button, as demonstrated in the image below. 

Clicking the close button returns you to the main dashboard page.

Detailed scan results for a space

Clicking on a space name in the dashboard table will open a dialog box displaying detailed scan results. The dialog includes the page name, page content where security rules are detected, and the version of the page.

Export Findings

If the "Export All" button is clicked, all page security findings will be downloaded in CSV format. The CSV file will include details such as spaceId, spaceName, pageId, pageTitle, and matches. Below is the format of the CSV file that will be downloaded upon clicking "Export All."

Similarly, individual space-level findings can be downloaded by clicking the "Export" button corresponding to each space in the dashboard table, as shown in the image below.
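The rule handling from "Configure Keyword for Security" and the CSV layout from "Export Findings", worked through as an added example that is not the app's own code: a small Python scanner with global rules that can be disabled, custom regex rules added by name, a scan over constructed sample page content, and an export in the documented column order (spaceId, spaceName, pageId, pageTitle, matches). The global patterns and sample pages are assumptions, and masking the matched value in the report is this example's choice, not something the page states the app does.

```python
import csv
import io
import re

# Illustrative global rules (an assumption: the app's real predefined keyword list is not on this page).
GLOBAL_RULES = {
    "aws_access_key": r"\bAKIA[0-9A-Z]{16}\b",
    "generic_api_key": r"(?i)\bapi[_-]?key\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}",
    "password_assignment": r"(?i)\bpassword\s*[:=]\s*\S+",
}

SAMPLE_PAGES = [  # constructed stand-ins for Confluence page content, not real data
    {"spaceId": "SP1", "spaceName": "Engineering", "pageId": "1001", "pageTitle": "Deploy notes",
     "body": "Use api_key = abcd1234efgh5678ijkl for staging; ticket INT-123456."},
    {"spaceId": "SP2", "spaceName": "Ops", "pageId": "2001", "pageTitle": "Runbook",
     "body": "Root password: hunter2 and key AKIAEXAMPLE012345678."},
]

class RuleSet:  # global rules that can be switched off, plus custom regex rules added by name
    def __init__(self):
        self.rules = {name: re.compile(p) for name, p in GLOBAL_RULES.items()}
        self.enabled = {name: True for name in self.rules}

    def set_enabled(self, name, enabled):
        self.enabled[name] = enabled

    def add_custom(self, name, pattern):
        self.rules[name] = re.compile(pattern)  # re.error rejects an invalid pattern up front
        self.enabled[name] = True

def scan_pages(pages, ruleset):
    """One finding per page with any active-rule match; matched text is masked so the report cannot leak the secret."""
    findings = []
    for page in pages:
        matches = [f"{name}:{m.group(0)[:4]}***" for name, rx in ruleset.rules.items()
                   if ruleset.enabled[name] for m in rx.finditer(page["body"])]
        if matches:
            findings.append({**{k: page[k] for k in ("spaceId", "spaceName", "pageId", "pageTitle")},
                             "matches": matches})
    return findings

def export_csv(findings):  # column order as documented for the "Export All" CSV
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["spaceId", "spaceName", "pageId", "pageTitle", "matches"])
    writer.writeheader()
    writer.writerows({**f, "matches": "; ".join(f["matches"])} for f in findings)
    return buf.getvalue()
```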

Notify User via Email

The Notify User via Email functionality allows users to send email notifications by clicking the Notify button. A dialog box appears, prompting the user to enter the email details, including the sender's email and the recipient's email. Upon clicking Send, the backend API processes the email request and delivers it to the recipient.

Space Level Notify

The Space Level Notify feature includes all pages containing findings. This ensures that notifications are sent based on specific reports or updates across various sections of the platform. Users can configure notifications to cover:

  • Comprehensive Reports: Send notifications for all findings across different pages.

  • User Notify: Ensure notifications are sent to the user-entered email address.

This functionality enhances communication by keeping relevant stakeholders informed of critical findings.

Clicking "Notify" will open a dialog box prompting you to enter the verified sender's email address, recipient's email address, message, and a findings attachment for the space.

After entering all the required fields, clicking the "Send" button will send a notification email to the recipient(s), including the findings attachment and message. Multiple recipients can also be added.

Example Findings CSV Report