
Security Analysis: Viewing scan results for a space

The Security Analysis for a given space allows administrators to view and handle scan findings for the space.

Only space administrators, Confluence administrators, and users who have been granted explicit app access can access a space’s Security Analysis.

There are two ways to reach a space’s Security Analysis. First, you can reach it from the Soteri Dashboard, by clicking the name of the space:

[Screenshot: Soteri Dashboard - Confluence]

Or, while viewing the space in Confluence, you can click “Security Analysis” in the side panel:

[Screenshot: Development Home - Development - Confluence]

The space’s scan status and all findings in the space will be displayed. Findings with the same match text across multiple versions of a piece of content are deduplicated—that is, when a finding appears in multiple content versions, the range of versions is shown.

For deduplicated findings, the first and last versions of the content that the finding appears in will be shown, even if the finding is not present in all intermediate versions.

[Screenshot: Security Analysis - Confluence]

Click on page version links to view the actual page and see who edited it and when. This is useful for tracking down users who published the finding.

You can select a page in the dropdown list to get the scan status and findings for a particular page, and you can also filter to a specific page version. When viewing results for a specific page version, similar findings are not deduplicated.

When a page version is selected, only scan findings in the text of that specific version are shown. Findings in attachments or comments on the page are not included.

[Screenshot: Security Analysis - Confluence]

Above, we see a few scan findings for a particular page version. The specific text that matched the listed rule’s regex is highlighted. This is the group 0 match, that is, the text matched by the entire expression rather than by any one capture group. For more information, see the Java 8 Regular Expression documentation.

You can also filter the list to only show findings matching certain rules. Use the “Filter by Rule” field to search for the rules to filter by.

[Screenshot: Security Analysis - Confluence]

Historical Findings

Scan findings that aren’t present in the latest published version of a piece of content are considered ‘historical’. Any such scan findings will appear as ‘historical’ in the Security Analysis.

[Screenshot: Security Analysis - Confluence]

For scan findings in historical versions of comments, there is an extra indicator and tooltip about remediation, as described in the “Removing secrets in comments” section of Scanning Comments.
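The following added example models the group 0 match, the version-range deduplication, and the historical flag described above. It is an illustration written for this page, not the app's own code; the rule regex, the class and method names, and the page history are constructed assumptions.

```java
import java.util.*;
import java.util.regex.*;

public class FindingRanges {
    // Hypothetical rule: the capture group holds only the key value, but group 0
    // spans the entire expression, which is the text the page says is highlighted.
    static final Pattern RULE = Pattern.compile("api_key\\s*=\\s*\"([A-Za-z0-9]{12})\"");

    /** Maps each group 0 match text to {first version, last version, 1 if historical}. */
    static Map<String, int[]> deduplicate(List<String> versions) {
        Map<String, int[]> findings = new LinkedHashMap<>();
        for (int v = 1; v <= versions.size(); v++) {
            Matcher m = RULE.matcher(versions.get(v - 1));
            while (m.find()) {
                int[] range = findings.get(m.group(0));
                if (range == null) {
                    findings.put(m.group(0), new int[] {v, v, 0});
                } else {
                    range[1] = v; // extend the range even if intermediate versions lack the match
                }
            }
        }
        // A finding whose last version is not the latest version is historical.
        for (int[] range : findings.values()) {
            range[2] = range[1] < versions.size() ? 1 : 0;
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed page history, oldest version first (sample data).
        List<String> versions = Arrays.asList(
            "Setup notes",
            "Setup notes\napi_key = \"EXAMPLEKEY01\"",
            "Setup notes (key moved to the vault)",
            "Setup notes\napi_key = \"EXAMPLEKEY01\"",
            "Setup notes\napi_key=\"EXAMPLEKEY02\"",
            "Setup notes\napi_key=\"EXAMPLEKEY02\"\nowner: ops");
        for (Map.Entry<String, int[]> e : deduplicate(versions).entrySet()) {
            int[] r = e.getValue();
            System.out.printf("%-28s versions %d-%d%s%n", e.getKey(), r[0], r[1],
                r[2] == 1 ? " (historical)" : "");
        }
    }
}
```

On the sample history, the first key is reported once for versions 2-4 even though version 3 does not contain it, and it is flagged historical because it is absent from version 6, the latest.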

Scan warnings

The Security Analysis will warn you if a previous scan is stale or outdated.

Stale scan

If content in a previously scanned space is added, removed, or updated, and automatic scanning is disabled, then the Security Analysis will indicate that the space’s scan results are stale, and the space should be re-scanned.

The space scan stale result warning


Outdated scan

Additionally, if a space is scanned, but a global detection rule is later toggled, then the Security Analysis will indicate that the space scan results are outdated.

The space scan outdated result warning


This warning also appears for each page where global rules have changed since its last scan.

The page scan outdated result warning
