Exporting Findings
Security for Confluence allows users to export CSV files containing findings in the spaces for which they have administration privileges. This can be done when viewing a space’s Security Analysis by clicking the Export Space dropdown at the top:
There are two options, both of which are in CSV format:
A Findings export contains the scan results for the space
A Reviewed False Positives export contains reviewed false positives, including who reviewed them and when they were reviewed. Reviewed false positives are scoped per-space and apply to all future and past findings in the space that match exactly.
You can also export findings for a particular space or for all spaces for which you have administration privileges, using the REST API.
Redacting findings in exported reports
If you want to keep the full text of findings from appearing in exported reports, you can disable the Include full finding text in exported reports setting in the plugin settings page:
Disabling this option will remove the Finding text and Full text columns from CSV exports, and will add a URL column, Report link – a link to the Security Analysis containing the finding.
Deduplicate findings in exports
If you want to show every finding occurrence in your export reports, you can disable the Deduplicate findings in exports setting. Otherwise, findings will be presented once for every page they’re discovered in, even if the are discovered more than once in the history of that page. This behavior presents an export similar to the layout of the Security Analysis page.