Security for Confluence imposes hard limits on how much memory a rule can use and how long a rule can take to scan a page fragment. Scanning rules which exceed these limits will be automatically disabled, and the scan will be marked as failed.
If a secret in a single page fragment matches more than one rule (built-in or custom), only the first match will be reported.