Here's a list of current vulnerabilities that are detected by Security for Confluence Server:

Common Keys

Supported

EC keys

SUPPORTED

Generic secret

SUPPORTED

Generic API keys (most general hash that an API key will match with)

SUPPORTED

PKCS8 (private keys generally used on unix machines)

SUPPORTED

Generic API keys (most general hash that an API key will match with)

SUPPORTED

SSH keys

SUPPORTED

Passwords in URL's

SUPPORTED

PGP keys

SUPPORTED

PKCS8 (private keys generally used on unix machines)

SUPPORTED

Password detection (people storing passwords in plain text)

SUPPORTED

Custom key and pattern detection through advanced regex use

SUPPORTED


API Keys

Supported

AWS client ID's

SUPPORTED

AWS secret keys

SUPPORTED

AWS MWS keys

SUPPORTED

Facebook secret keys

SUPPORTED

Facebook client ID's

SUPPORTED

Facebook access tokens

SUPPORTED

Github keys

SUPPORTED

Google API key

SUPPORTED

Google Cloud Platform API key

SUPPORTED

Google OAUTH access token

SUPPORTED

Heroku API key

SUPPORTED

LinkedIn client ids

SUPPORTED

Mailchimp API key

SUPPORTED

Mailgun API key

SUPPORTED

Paypal BrainTree access tokens

SUPPORTED

Picatic API keys

SUPPORTED

Slack keys

SUPPORTED

Slack webhooks

SUPPORTED

Square access tokens

SUPPORTED

Square Oauth secrets

SUPPORTED

Stripe API key

SUPPORTED

Twilio API key

SUPPORTED

Twitter client ID's

SUPPORTED

Twitter secret keys

SUPPORTED