Skip to main content

Defining Custom Detection Rules

Security for Confluence allows for creation of custom scanning rules using regular expressions.

Only Confluence Administrators can access these settings.

To create a rule, first visit the Settings page, and then expand the “Custom rules” section.

Our application uses the built-in JDK java regex library (Java 8), which you can compare to other regex engines here.

Security for Confluence imposes hard limits on how much memory a rule can use and how long a rule can take to scan a page fragment. Scanning rules which exceed these limits will be automatically disabled, and the scan will be marked as failed.

If a secret in a single page fragment matches more than one rule (built-in or custom), only the first match will be reported.

Here are some example rules:

Bitcoin Address


Youtube Links


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.