Integrate a new Confluence Data Center source

info

For now, only real-time scanning is supported to detect secrets in pages, blogs and comments. All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

• Generic High Entropy Secret
• Generic Password

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Confluence Data Center site installation is only open to workspaces under the Business plan, but uninstallation is open to all. Alternatively, you can install and test secret detection in Confluence Data Center with a 30-day trial. Any secret incidents created during this period will remain accessible in your incident dashboard after the trial period.

GitGuardian integrates natively with Confluence Data Center via an administrator Personal Access Token that you can create from your Confluence Data Center sites. Note that GitGuardian only has read access to your spaces.

Setup your Confluence Data Center integration

You can install GitGuardian on multiple Confluence Data Center sites to monitor your spaces.

1. Make sure you're logged as an administrator in the Confluence Data Center site you want to install
2. Go to the Settings page
3. Go to the Personal Access Tokens section and click Create token to create a new PAT
4. Provide a Token Name, an optional Expiry date and click Create
5. Copy your new PAT and click Close
6. In the GitGuardian platform, navigate to the Sources integration page
7. Click on the Install button next to Confluence Data Center in the Documentation section
8. Click on the Install button of the Confluence Data Center integration page
9. Paste your Confluence Data Center site URL, your administrator Personal Access Token and click Add

That's it! Your Confluence Data Center site is installed and we are now monitoring all pages, blogs and comments of your spaces for secrets.

info

Confluence allows the creation of up to 10 PATs. GitGuardian automatically renews PATs before they expire. To do this, you must have at least 2 PAT slots free. Otherwise, an error message will warn you that the integration is no longer functional.

Uninstall your Confluence Data Center site

To uninstall a Confluence Data Center site:

1. In the GitGuardian platform, navigate to the Sources integration page
2. Click on the Edit button next to Confluence Data Center in the Documentation section
3. Click on the bin icon next to the Confluence Data Center site to be uninstalled
4. Confirm by clicking on the Yes, uninstall button in the confirmation modal

That's it! Your Confluence Data Center site is now uninstalled.

Limitations

• Historical Scan: Historical scans are not yet supported (coming soon).
• Source Listing: Monitored Confluence Cloud spaces are not yet listed on the Perimeter page (coming soon).
• Monitored Perimeter: Customization of the monitored perimeter is not supported. All spaces are monitored by default.
• Team Perimeter: Customization of a team perimeter with Confluence Cloud spaces is not supported. Users must be part of the All-incidents team to view and access secret incidents related to Confluence Cloud.
• Source Visibility: The visibility of spaces is not determined. All spaces are considered private in both the UI and API.
• Presence Check: The presence check feature is not supported. All occurrences are considered present in both the UI and API.
• Occurrence metadata: Author's email is not determined.
• File Attachments: File attachments are not scanned.
• Occurrence Previews: Previews of occurrences are not supported.

Privacy

Country-specific laws and regulations may require you to inform your Confluence Data Center users that your spaces are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Confluence Data Center spaces for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only spaces relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the space’s purpose.