Skip to content

BluBracket/confluence-risk-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

Pipfile

Pipfile

 
 

Pipfile.lock

Pipfile.lock

 
 

README.md

README.md

 
 

confluence_risk_scanner.py

confluence_risk_scanner.py

 
 

pyproject.toml

pyproject.toml

 
 

setup.cfg

setup.cfg

 
 

Repository files navigation

Confluence Risk Scanner

The easiest way to scan Atlassian Confluence Cloud/Server for secrets, PII, and non-inclusive language.

This fully-functional solution uses the BluBracket CLI to do the risk detection heavy lifting, combined with open-source helper code written in Python to interact with CLI.

This tool runs entirely locally. Installation is almost as easy as cloning the repo, and you should have a working POC in minutes.

Installation

  1. Install the BluBracket CLI (see below)
  2. Clone or download this repo
  3. pipenv sync inside the repo to install Python dependencies

Requires Python3 and pip, but you probably already have those.

Install the BluBracket CLI

The BluBracket CLI is a high-performance, compact risk scanner written in Go. Unlike some tools, it runs entirely locally without sending any data to remote hosts (unless explicitly configured otherwise).

macOS, multiple Linux distros, and Windows are all supported.

Use these direct links to download the executables:

For example, to download and run the latest BluBracket CLI on macOS, you could run:

curl https://static.blubracket.com/cli/latest/blubracket-macos -o blubracket
chmod +x ./blubracket
mv ./blubracket /usr/local/bin/

Usage

pipenv sync

# Set credentials
export ATLASSIAN_ACCOUNT_EMAIL=<Atlassian account email>
export ATLASSIAN_API_TOKEN=<Atlassian API token>

# Scan a page
pipenv run python confluence_risk_scanner.py \
    --url https://<your-domain>.atlassian.net \
    --page-id <confluence page id> \
    --output result.jsonl

# Scan all pages in a space
pipenv run python confluence_risk_scanner.py \
    --url https://<your-domain>.atlassian.net \
    --space-key <confluence space key> \
    --output result.jsonl

Note: For Confluence Server, set ATLASSIAN_ACCOUNT_EMAIL to the username and ATLASSIAN_API_TOKEN to the password

To see more options pipenv run python confluence_risk_scanner.py --help

Limitations

  1. This recipe doesn't scan the history or attachments in a confluence page.

  2. This reciple doesn't detect the secrets in the following formats because of the current limitations of BluBracket CLI

    # Hyphen (-) operator is not natively supported by BluBracket CLI
Password - abc123!@#

# Curly quotes (“ ”) are also not supported by BluBracket CLI
password = “abc123!@#”

Modifying and contributing

This Apache-licensed project is open for re-use and improvements by all. Please open an issue or pull request if you find any bugs or see an opportunity for improvement.

Hit us up on Twitter at @BluBracket to tell us how you're using it!

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

15 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages