Discover Sensitive Information Published in Confluence
Over 200,000 developers rely on Security for Confluence to audit, detect, and remove secrets.
Not Using Our App
- Secrets get published
- Attackers gain access to PII and other sensitive info
- Financial damages in the billions of dollars
- Damaged company reputation
Using Security for Confluence
- Find sensitive information before hackers do
- Protect PII and financial information
- Comply with HIPAA and GDPR
- Be proactive instead of reactive
Enhanced Confluence Security
A plug-and-play Confluence app that scans your pages for sensitive information so that common mistakes are caught before they are exploited by attackers.
No need to worry about 3rd party vendor compliance or reliability since Soteri's Secret Scanning is hosted within Confluence Data Center. Installation takes only 30 seconds. On Cloud? We support Confluence Cloud as well.
Three Easy Steps to Secure Confluence
Put your security on autopilot with scheduled audits or trigger manual audits.
Discover secrets, before the attacker with built-in and customizable scanning rules.
Secure your systems to prevent data breaches by changing and removing your secrets.
Providing Peace of Mind to QA, DevOps, and Cloud Engineers
Built to Maximize Your Confluence Security
What content can Security for Confluence scan?
Currently, Security for Confluence scans:
- Blog Posts
Note that comments, drafts, and macro bodies are not yet scanned.
What do I do if a security scan finds a secret?
All secrets detected by a security scan should be considered compromised. Once a secret is published, anyone who had read access to the page could have obtained a copy. Locking down the permissions on the page, deleting it, or deleting all the page versions which contained the secret are all good steps, but they don’t sufficiently remediate the risk.
Soteri recommends to:
- Change the secret.
- If a password is found, change it.
- If an access token is found, generate a new access token and update your services to use the new token. Once all your services have been updated, revoke the old token.
- Delete the secret from Confluence. Secrets improperly stored in Confluence, revoked or not, send the signal to users that secrets can be stored this way.