Security Analysis: Viewing scan results for a space

The Security Analysis for a given space allows administrators to view and handle scan findings for the space.

Only space administrators and Confluence administrators can access a space’s Security Analysis.

There are two ways to reach a space’s Security Analysis. First, you can reach it from the Soteri Dashboard, by clicking the name of the space:

Or, while viewing the space in Confluence, you can click “Security Analysis” in the side panel:

The space’s scan status and all findings in the space will be displayed. Similar findings in a single page’s history are grouped together. When a finding appears in multiple page versions, the range of page versions is shown.

When similar findings are grouped, the range of versions shown will be the earliest and latest versions of the page that that finding appears in, even if is not present in some of the intermediate versions.

You can select a page in the dropdown list to get the scan status and findings for each version of that page. Similar findings on the page version level are not grouped.

Above, we see a single finding. The specific text that matched the listed rule’s regex is highlighted. Specifically, this is the group 0 match: what the entire expression captured. For more information, see the Java 8 Regular Expression documentation.

Scan warnings

The Security Analysis will warn you if a previous scan is stale or outdated.

Stale scan

If content in a previously scanned space is added, removed, or updated, and automatic scanning is disabled, then the Security Analysis will indicate that the space’s scan results are stale, and the space should be re-scanned.

Outdated scan

Additionally, if a space is scanned, but a global detection rule is later toggled, then the Security Analysis will indicate that the space scan results are outdated.

This warning also appears for each page where global rules have changed since its last scan.