Integrate a new Confluence Data Center source

info

Historical scanning is now available in Beta. Check out Scanning your Confluence Data Center History for more information.

All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

• Generic High Entropy Secret
• Generic Password

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Confluence Data Center site installation is only open to workspaces under the Business plan. However, you can install and test secret detection in Confluence Data Center with a 30-day trial. Any secret incidents detected during the trial will remain accessible in your incident dashboard.

GitGuardian integrates natively with Confluence Data Center via an administrator Personal Access Token that you can create from your Confluence Data Center sites. Note that GitGuardian only has read access to your spaces.

Requirements

You must be a Confluence Administrator to configure GitGuardian Confluence Data Center integration. Make sure your administrator user is in the confluence-administrators group to be able to access all pages and spaces regardless of permissions.

Setup your Confluence Data Center integration

You can install GitGuardian on multiple Confluence Data Center sites to monitor your spaces.

1. Make sure you're logged as an administrator in the Confluence Data Center site you want to install
2. Go to the Settings page
3. Go to the Personal Access Tokens section and click Create token to create a new PAT
4. Provide a Token Name, an optional Expiry date and click Create
5. Copy your new PAT and click Close
6. In the GitGuardian platform, navigate to the Sources integration page
7. Click Install next to Confluence Data Center in the Documentation section
8. Click Install on the Confluence Data Center integration page
9. Paste your Confluence Data Center site URL, your administrator Personal Access Token and click Add

That's it! Your Confluence Data Center site is now installed, and GitGuardian is monitoring all pages, blogs and comments of your spaces for secrets.

info

Confluence allows the creation of up to 10 PATs. GitGuardian automatically renews PATs before they expire. To do this, you must have at least 2 PAT slots free. Otherwise, an error message will warn you that the integration is no longer functional.

Scanning your Confluence Data Center history (beta)

GitGuardian enables you and encourages you to scan the entire history of your perimeter. By executing historical scanning, all secrets present in your Confluence sources prior to installing GitGuardian will be detected.

Unlike Version Control Systems, historical scanning has to be manually executed from your perimeter page, by:

• Selecting your Confluence Data Center sources
• Clicking scan from the top action bar

Uninstall your Confluence Data Center site

To uninstall a Confluence Data Center site:

1. In the GitGuardian platform, navigate to the Sources integration page
2. Click Edit next to Confluence Data Center in the Documentation section
3. Click the bin icon next to the Confluence Data Center site to uninstall
4. Confirm by clicking Yes, uninstall in the confirmation modal

That's it! Your Confluence Data Center site is now uninstalled.

Limitations

• Historical Scan (Beta): Historical scanning is now available in Beta. The historical scans are not automatically executed upon the addition of newly created sources. It only works in manual mode.
• Monitored Perimeter: Customization of the monitored perimeter is not supported. All spaces are monitored by default.
• Team Perimeter: Customization of a team perimeter with Confluence Data Center spaces is not supported. Users must be in All-incidents team to view and access Confluence Data Center incidents.
• Source Visibility: The visibility of spaces is not determined. All spaces are considered private in both the UI and API.
• Presence Check: The presence check feature is not supported. All occurrences are considered present in both the UI and API.
• Occurrence metadata: Author's email is not determined.
• File Attachments: File attachments are not scanned.

Privacy

Country-specific laws and regulations may require you to inform your Confluence Data Center users that your spaces are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Confluence Data Center spaces for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only spaces relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the space’s purpose.