Why isn't Security for Confluence finding my passwords?
Generic password detection is turned off: If you're trying to have Security for Confluence detect a password like password="my password", it won't, because generic password detection is turned off by default. Please refer to the Enabling and Disabling Scanning Rules page in the Security for Confluence documentation to learn how to enable generic password detection.
Scanning is turned off: Security for Confluence may not be scanning your code if the specific rule is turned off or scanning has been turned off. The rule has to be enabled on a global, project, or repository level. Please refer to the Automatically Scanning Content section in the Security for Confluence documentation to learn how to enable scanning.
Using a fake key to test the application: Security for Confluence uses entropy filters to determine whether a key is fake. If you are using a fake key instead of a real one, it will not be detected. Please ensure that you are using actual keys in your code for them to be detected.
Key is in a screenshot: If your key is in a screenshot, it won't be detected as Security for Confluence doesn't support OCR scanning yet.
Lack of generic rules for certain patterns: Some users expect generic rules for patterns that Security for Confluence has no generic rules for. You can see a list of rules that Security for Confluence uses for scanning in the Built-In Scanning Rules page in the Security for Confluence documentation. You can learn how to define your own custom rules here.
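
The first and third causes above, shown as an added Python example that is not Security for Confluence's own code: a rule that is switched off produces no finding, and a placeholder key is dropped by a Shannon-entropy filter. The rule names, the tok_ key format, the patterns and the 3.0 bits-per-character threshold are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Hypothetical rule set: names, patterns and threshold are assumptions,
# not the product's built-in rules.
RULES = {
    "vendor-token": re.compile(r"\btok_([A-Za-z0-9]{32})\b"),
    "generic-password": re.compile(r'password\s*=\s*"([^"]+)"'),
}
ENABLED = {"vendor-token": True, "generic-password": False}  # generic rule off by default
ENTROPY_RULES = {"vendor-token"}  # rules whose matches go through the entropy filter
MIN_ENTROPY = 3.0                 # bits per character (assumed threshold)


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(text, enabled=ENABLED):
    """Return (rule, secret) pairs for enabled rules that pass the entropy filter."""
    findings = []
    for name, pattern in RULES.items():
        if not enabled.get(name):
            continue  # a disabled rule never reports, whatever the content
        for match in pattern.finditer(text):
            secret = match.group(1)
            if name in ENTROPY_RULES and shannon_entropy(secret) < MIN_ENTROPY:
                continue  # too regular to be a real key: treated as fake
            findings.append((name, secret))
    return findings


# Constructed sample content: one generic password, one placeholder key,
# one random-looking key (all made up for this example).
FAKE_KEY = "a" * 32
REAL_LOOKING_KEY = "q7Zp2LmX9vR4tKc8WbN1yHd5GsJ3fAe6"
SAMPLE = (
    'password="my password"\n'
    f"test key: tok_{FAKE_KEY}\n"
    f"other key: tok_{REAL_LOOKING_KEY}\n"
)

if __name__ == "__main__":
    print("default rules:", scan(SAMPLE))
    print("generic rule enabled:", scan(SAMPLE, {**ENABLED, "generic-password": True}))
```

With the default settings only the random-looking key is reported; enabling the generic rule adds the password, and the repeated-character key is never reported.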