Scan data for secrets

Confluence

8min

﻿
﻿
﻿ for Atlassian Confluence.
Configuration
In order to configure Confluence, you need the ability to create a token.
Web configuration
You can configure this source through the integration wizard on the frontend or you can use a local configuration file as outlined below.
Local configuration
The Confluence integration supports:
Basic authentication (for both Confluence cloud and Confluence Datacenter and Server)
Bearer token (only for Confluence Datacenter and Server)
Confluence Cloud
For basic authentication, you need to use the email address attached to your Atlassian account as username and a Confluence cloud token as the password in the configuration YAML file. For cloud configuration, the endpoint should contain atlassian.net.
Spaces in Confluence are automatically enumerated unless the spaces key is set to specific spaces. To skip specific spaces, use ignoreSpaces. Additionally, the spacesScope value can be set to ALL or GLOBAL or PERSONAL to indicate what type of spaces need to be scanned. In the absence of the spacesScope key, the value will be set to ALL. Please keep in mind that the spaces configuration will need to have the same spaceScope if they are both configured unless spaceScope is set to ALL.
You can find all the available Space Names by logging into your Atlassian account and then navigating to Confluence home --> Spaces --> View all spaces.
Confluence Cloud Basic Auth
sources:
- connection:
    '@type': type.googleapis.com/sources.Confluence
    endpoint: https://ourbusiness.atlassian.net/wiki
    basicAuth:
      # username for Confluence Cloud must be an email
      username: scanner-[email protected]
      # password for Confluence Cloud must be an Access Token
      password: XXXXXXXXXXXXXXXXXXXXXXXXXX
    spaces:
      - Test Space
      - Future Projects Space
    ignoreSpaces:
      - Space1
    includeAttachments: true
    skipHistory: true
    spacesScope: ALL
  name: Confluence
  scanPeriod: 12h
  type: SOURCE_TYPE_CONFLUENCE
  verify: true
sources:
- connection:
    '@type': type.googleapis.com/sources.Confluence
    endpoint: https://ourbusiness.atlassian.net/wiki
    basicAuth:
      # username for Confluence Cloud must be an email
      username: scanner-account@ourbusiness.com
      # password for Confluence Cloud must be an Access Token
      password: XXXXXXXXXXXXXXXXXXXXXXXXXX
    spaces:
      - Test Space
      - Future Projects Space
    ignoreSpaces:
      - Space1
    includeAttachments: true
    skipHistory: true
    spacesScope: ALL
  name: Confluence
  scanPeriod: 12h
  type: SOURCE_TYPE_CONFLUENCE
  verify: true
﻿
Confluence Datacenter and Server
Basic authentication can be used with a username and password for on-premise Confluence or a personal access token (PAT) with token authentication.
A Confluence source can be configured to explicitly include and ignore certain spaces via the spaces and ignoreSpaces configuration keys respectively. These keys expect a list of Space Names (please note that the Space Name differs from the Space Key). For on-premises configuration, the endpoint can't contain atlassian.net.
Basic Auth
Access Token
sources:
- connection:
    '@type': type.googleapis.com/sources.Confluence
    endpoint: https://ourbusiness.com/wiki
    token: XXXXXXXXXXXXXXXXXXXXXXXXXX
    spaces:
      - Test Space
      - Future Projects Space
    ignoreSpaces:
      - Space2
    includeAttachments: true
    skipHistory: true
    spacesScope: ALL
  name: Confluence
  scanPeriod: 12h
  type: SOURCE_TYPE_CONFLUENCE
  verify: true
sources:
- connection:
    '@type': type.googleapis.com/sources.Confluence
    endpoint: https://ourbusiness.com/wiki
    token: XXXXXXXXXXXXXXXXXXXXXXXXXX
    spaces:
      - Test Space
      - Future Projects Space
    ignoreSpaces:
      - Space2
    includeAttachments: true
    skipHistory: true
    spacesScope: ALL
  name: Confluence
  scanPeriod: 12h
  type: SOURCE_TYPE_CONFLUENCE
  verify: true
﻿
Options
Key
Description
Required
endpoint
The target endpoint URI
Yes
spacesScope
Scope for retrieving all spaces. Values can be ALL, GLOBAL or PERSONAL
No
insecureSkipVerifyTls
Boolean to skip TLS/SSL verification for insecure connections
No
spaces
Array of spaces to be included for retrieval. Omit to enumerate instead.
No
ignoreSpaces
Array of spaces to be ignored during retrieval
No
includeAttachments
Boolean to include attachments during retrieval
No
skipHistory
Boolean to skip retrieval of historical data
No
Capabilities
Feature
Supported
Scan archive files
✅
Scan attachments
✅
Scan base64 encoded data
✅
Scan binaries
✅
Comments
❌
Exclude Filter
✅
Auto resume
✅
Scan version history
✅
Notes
Attachment scanning is opt-in; version/history scanning is opt-out
﻿

Key	Description	Required
endpoint	The target endpoint URI	Yes
spacesScope	Scope for retrieving all spaces. Values can be ALL, GLOBAL or PERSONAL	No
insecureSkipVerifyTls	Boolean to skip TLS/SSL verification for insecure connections	No
spaces	Array of spaces to be included for retrieval. Omit to enumerate instead.	No
ignoreSpaces	Array of spaces to be ignored during retrieval	No
includeAttachments	Boolean to include attachments during retrieval	No
skipHistory	Boolean to skip retrieval of historical data	No

Feature	Supported
Scan archive files	✅
Scan attachments	✅
Scan base64 encoded data	✅
Scan binaries	✅
Comments	❌
Exclude Filter	✅
Auto resume	✅
Scan version history	✅

Updated 20 Sep 2024

Did this page help you?

CircleCI

Docker