Confluence hosts hundreds of spaces with numerous pages, each with the potential to contain vulnerabilities. The Security Scan Report provides a central security dashboard for Confluence administrators. Security scans can be performed on a per-page basis from the scan page.

The Security Scan Report allows users to view scan report results of all Confluence pages and spaces, starting from a high-level space overview. This report page is available for Confluence administrators only, and it can be accessed from the main Confluence toolbar:

Here is an example report:

Each space will appear, along with the following:

  • The number of vulnerabilities found in that space.

  • The scan’s status. This can be:

    • Up To Date: The space has been fully scanned and either has the Security Hook enabled to scan all future content, or no changes have been made to the space since it was last scanned.

    • Outdated: The space has been fully scanned, but changes have been made since that happened.

    • Scheduled / Scanning: A scan of the space is in progress.

    • Unscanned: The space has not been scanned.

  • A dropdown menu of actions you can perform for that space.

You can use the provided “Filter by space name” input to search for particular spaces, and the “Space type” dropdown to view normal spaces (the default), private spaces, or both.

Clicking on the gear icon in the upper right will take you to the Security for Confluence Settings page.

Note that the vulnerability count does not include any findings which have been reviewed.

Triggering Scans

Clicking on a space’s “Actions” dropdown menu reveals the options “Scan” and “Export”:

Choosing “Scan” will trigger a scan for new and modified pages in that space. Choosing “Export” will download a list of all findings for that space in CSV format. Read more about exports here.

Clicking on a space’s name in the Security Scan Report will take you to that space’s scan page, where you can trigger scans on a per-page basis.

If any vulnerabilities are found, we recommend following our advice here.