Security for Confluence

Secret Scanner to Discover Sensitive Information Published in Confluence

Over 200,000 people rely on Security for Confluence to audit, detect, and remove secrets.

Soteri Is Protecting Top Companies

Trusted by the Fortune 500 because we don't phone home like other competing brands.

What will an attacker find in Confluence?

How: Theft of user account credentials and sensitive data from Confluence.

Result: $46 million in costs and damages

Financial Firm

How: Spy drone breached network, scanned Confluence, and found secrets.

Result: Access to financial systems

Confluence CVE-2023-22515

Allows an unauthenticated attacker to create unauthorized administrator accounts in Confluence.

Confluence CVE-2022-26138

Allows an unauthenticated attacker to log in to Confluence using a hardcoded password from a popular app.

Confluence CVE-2022-26134

Allows an unauthenticated attacker to remotely compromise unpatched Confluence servers by creating a new administrator account and executing arbitrary code.

Assume an attacker is in your systems...

Whether from a new CVE or something else.

What will they find?

Privacy

Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere.

Confluence Cloud

Rest easy knowing Soteri doesn't store the text of any of your content, nor use it as data to train AI models which themselves could be a target for attack.

Confluence Data Center

Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.

Enhanced Confluence Security

A plug-and-play Confluence app that scans your pages and spaces for sensitive information so that common mistakes are caught before they are exploited by attackers.

No need to worry about third-party vendor compliance or reliability, since Soteri's Secret Scanning is hosted within Confluence Data Center. Installation takes only 30 seconds. On Cloud? We support Confluence Cloud as well.

How it Works

Three Easy Steps to Secure Confluence

Adding secret scanning to your security testing is simple with Security for Confluence.

1. Audit

Put your security on autopilot with scheduled audits or trigger manual audits.

Routine secret scanning audits are key to ensuring Confluence security issues are identified ASAP.

2. Detect

Discover secrets before an attacker does, with built-in and customizable scanning rules.

Keep your Confluence pages and spaces free of API keys, passwords, and much more!

3. Secure

Secure your systems to prevent data breaches by changing and removing your secrets.

View the docs for more info on handling discovered secrets.

Features

Built to Maximize Your Confluence Security

Space and Page Scanning

Run automated scans for entire spaces or individual pages. This enhanced secret scanner also scans page history to find vulnerabilities in past document versions.

Find a false positive? Ignore it with a press of a button.

Scanning for...

  • AWS_CLIENT_ID
  • GITHUB_KEY
  • SLACK_WEBHOOK
  • STRIPE_API_KEY
  • GENERIC_API_KEY

Find Commonly Leaked Secrets, and Then Some

Have confidence in your Confluence secret scanning as 40+ secrets are automatically detected. The built-in patterns detect leaked credentials, private keys, API keys, PII, credit card numbers, banking information, and more.

You can also add your own patterns via regex rules to detect other secrets.

Downloadable Reports of Scan Findings

Confluence administrators can export the secret scanning findings into a CSV that'll show each Confluence space, title, and name of the secret found (+6 other columns).

Space | Title   | Rule                | Text
DEV   | FB      | FACEBOOK_CLIENT_ID  | "FACEBOOK).setClientId(""950513172001321"
MS    | My Page | AWS_CLIENT_ID       | AKIA3WAXW7OOSMVLM4YX
DEV   | Keys    | FACEBOOK_SECRET_KEY | fbkey ab048ad50ffa33959a242b1ecec6ed0b
Scanning Confluence...
Exporting CSV...
Dev secret found...
Alerting dev team...

REST API for Scripting and Automation

Use the API to create automations that scan your Confluence spaces, download the results, and automatically notify people about them. For more complex workflows, you can automate alerting the proper person/team depending on the secret found or where it was found.

Demonstrate Compliance for GDPR, CAIQ, HIPAA, and More

Running automated scans to identify security issues can help you gain and demonstrate compliance for GDPR, CAIQ, HIPAA, and multiple other security standards.

Be Confident in Your Cloud

Without Soteri

  • Secrets get published
  • Attackers gain access to sensitive info
  • Financial damages in the billions of dollars
  • Damaged company reputation

With Soteri Scanning

  • Find sensitive info before hackers do
  • Protect PII and financial information
  • Comply with HIPAA and GDPR
  • Be proactive instead of reactive

Security for Confluence FAQs

Here's more information about Security for Confluence.

Which secrets does Security for Confluence look for?

The software automatically detects over 40 secrets in Confluence spaces and pages. Here's a full list of the secrets we scan for. You can easily add additional rules in the UI using regex.

Is my data private?

Yes! Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.

Is this compatible with Confluence Cloud and Data Center?

Yes it is! For Confluence Cloud go here and for Confluence Data Center go here.

Do you offer support?

Yes, 24 hours a day. Through our support portal you can get in touch with us, report a bug, suggest a feature, and more!

What happens if Security for Confluence finds sensitive data?

All secrets detected by a security scan should be considered compromised. We recommend changing the secret (e.g., resetting passwords or rotating API keys) and removing it from Confluence. Here are the full docs for more info.

Are secrets lurking in Confluence? Scan now!