The following describes how Secret Scanner for Confluence works.
You can install Secret Scanner for Confluence by searching for "secret scanner" in the Atlassian Marketplace. Look for the crocodile image and click "Try it free" or "Buy it now" in the top right. After going through the install process you are ready to scan!
Once installed, you can access it through the Apps dropdown, under the title "Secret Scanner Report". Note that you will need to be a Confluence Administrator to view the report.
It will take a minute or two for Secret Scanner to be allowed to scan your content from Confluence. While it is running you will see the message "Secret Scanner is running." When it has finished you will be presented with a report. You can click through the titles to any identified issues.
Secret Scanner will run on an automated basis every hour, so after removing problematic content it should disappear from the report within the hour. That's it! Secret Scanner is designed to be as simple as possible. Enjoy your secure Confluence install.
What Rules does Secret Scanner use?
Secret Scanner uses an aggregated collection of rules taken from TruffleHog, GitLeaks, AWS Macie and other tools. Grouped together, they scan for API Keys, Secrets and Credit Cards, providing a comprehensive list of secrets that shouldn't be easily accessible. This list is constantly reviewed and updated over time.
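To show what rule-based scanning of page content looks like in practice, here is an added example; it is not Secret Scanner's own code or rule set. The rule names, patterns, function names and sample pages are assumptions constructed for illustration, and the credit card rule adds a Luhn checksum so that ordinary digit runs are not reported.

```python
import re

# Illustrative rules only (assumption): the app's real rule set is not shown on this page.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # 13-19 digits with optional single space/hyphen separators; confirmed by Luhn below.
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(value: str) -> str:
    """Keep a 4-character prefix so the report never repeats the full secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_pages(pages: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (page title, rule name, redacted match) for every finding."""
    findings = []
    for title, body in pages.items():
        for rule, pattern in RULES.items():
            for match in pattern.finditer(body):
                value = match.group(0)
                if rule == "credit_card" and not luhn_ok(re.sub(r"\D", "", value)):
                    continue    # fails checksum: likely a ticket or order number
                findings.append((title, rule, redact(value)))
    return findings

# Constructed sample content; the key ID is the placeholder from AWS documentation.
SAMPLE_PAGES = {
    "Deploy runbook": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE before running.",
    "Billing notes": "Test card 4111 1111 1111 1111; ticket ref 4111 1111 1111 1112.",
    "Team lunch": "Order number 12345, nothing sensitive here.",
}

if __name__ == "__main__":
    for title, rule, shown in scan_pages(SAMPLE_PAGES):
        print(f"{title}: {rule}: {shown}")
```

The second number on the "Billing notes" page matches the digit pattern but fails the checksum, so only two findings are reported.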