Confluence hosts hundreds of spaces with numerous pages, each with the potential to contain vulnerabilities. The Security Scan Report provides a central security dashboard for Confluence administrators. Security scans can be performed on a per-page basis from the scan page.

The Security Scan Report allows user to view scan report results of all Confluence pages and spaces, starting from a high-level space overview. This report page is available for Confluence administrators only, and it can be accessed from the main Confluence toolbar:

The Security Scan Report will appear similarly to the below:

Each space will appear, along with:

  • The number of vulnerabilities that have been found in that space

  • The scan’s status. This can be:

    • Up To Date: The space has been fully scanned and either has the Security Hook on to scan all future content, or no changes have been made to the space since it was last scanned.

    • Outdated: The space has been fully scanned, but changes have been made since that happened.

    • Scheduled / Scanning: A scan of the space is in progress.

    • Unscanned: The space has not been scanned.

  • as well as a dropdown menu of actions.

By default, only normal spaces will appear at first. To see only private spaces, select “Show private spaces” from the “Space type” dropdown box, and to see all spaces, select “Show all spaces”.

To filter the list of spaces by space name, type in a few characters in the “Filter by space name” box, and the list will dynamically shrink to those spaces whose name contains the entered characters.

Clicking on the gear icon in the upper right will take you to the Security for Confluence Settings page.

Note that the vulnerability count does not include any findings which have been reviewed.

Triggering Scans

Each space name is a link; clicking on one will take you to that space’s scan page, where you can trigger scans on a per-page basis.

Clicking on a space’s “Actions” dropdown menu reveals the two options “Scan” and “Rescan”:

Choosing “Scan” will trigger a scan for new and modified pages in that space. Choosing “Rescan” will trigger a scan for all pages in that space.

If any vulnerabilities are found, consult our advice here.