Content can be scanned in one of two ways:

  • manually, by selecting the space or a specific page to scan, or

  • automatically once new content is published, by enabling the “Scan new content automatically“ toggle in the Security Scan page.

Only space administrators can access the space’s Security Scan page.

To view and trigger security scans, you will need Space administration permissions. Navigate to your space of choice, and then go to the Security Scan tab.

The space’s scan status and all findings in the space will be displayed. You can select a page in the dropdown list to get the scan status and findings just for that page.

Above, we see two findings. For each of them, the specific text that matched the listed rule’s regex is highlighted in blue. Specifically, this is the group 0 match – what the entire expression captured. For more information, see the Java 8 Regular Expression documentation.

What content is scanned?



Page body


Blog posts




Comments (including inline)




Space scans will scan the latest version of each page. Older versions can be scanned manually by selecting the page and page version you want to scan, followed by pressing the Scan Page button.