Code Security Integration with Confluence

You can use Code Security to scan the content in a Confluence instance. The integration uses a Lambda function in AWS and a webhook in Confluence.

Prerequisites

  • The Lambda function requires these permissions in AWS:

    cloudformation:DescribeStacks
    iam:CreateRole
    iam:DeleteRole
    apigateway:POST
    logs:CreateLogGroup
    iam:PutRolePolicy
  • In your Confluence instance, you must install the webhooks manager extension.

To integrate Code Security with Confluence:

  1. In AWS, launch this stack to deploy the Lambda function.

  2. In your Confluence instance, add a new webhook in the webhook manager. Change YOUR_ACCOUNT to your instance domain in this URL:

    https://YOUR_ACCOUNT.atlassian.net/wiki/plugins/servlet/ac/com.stiltsoft.confluence.cloud.webhooks/admin-webhooks-page

  3. Configure a webhook URL to point to your function endpoint. The function endpoint appears on the Lambda page in the AWS console.

  4. Add the query string parameter webhook_token.

  5. Set the webhook_token query string parameter to the same webhook token you put in the CONFLUENCE_WEBHOOK_TOKEN parameter in the Lambda function.

  6. Add these event types to the webhook:

    • attachment created

    • comment created

    • comment updated

    • page created

    • page updated

    • content created

    • content updated

  7. To test the integration, open a Jira issue with a fake secret (for example: AKIA4HK52OLF2AAN9KWV).

Example Configuration

  Object                                        Value
  Confluence event endpoint URL                 https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event
  Token that you set in your function env var   f4lmf4kl2ldoxxxxxx
  Webhook URL you configure in Confluence       https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event?webhook_token=f4lmf4kl2ldoxxxxxx
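The shared-token check that steps 4 and 5 set up, sketched as an added example; it is not the Code Security Lambda's own code. It assumes the function receives an API Gateway Lambda proxy event (query parameters under queryStringParameters); the handler, token_is_valid and redact_token names are hypothetical, and the sample values are the ones from the example configuration.

```python
import hmac
import os
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "webhook_token"           # query parameter name from the steps above
TOKEN_ENV = "CONFLUENCE_WEBHOOK_TOKEN"  # Lambda parameter name from the steps above


def token_is_valid(event, environ=os.environ):
    """Return True only if the request carries the configured webhook token."""
    expected = environ.get(TOKEN_ENV, "")
    if not expected:
        return False  # fail closed when the function has no token configured
    # API Gateway sets queryStringParameters to null when there is no query string.
    params = event.get("queryStringParameters") or {}
    supplied = params.get(TOKEN_PARAM) or ""
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def redact_token(url):
    """Replace the token value so the webhook URL can be written to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def handler(event, context=None, environ=os.environ):
    """Hypothetical entry point: reject the request before any content is scanned."""
    if not token_is_valid(event, environ):
        return {"statusCode": 403, "body": "invalid webhook token"}
    return {"statusCode": 200, "body": "accepted"}
```

Because the token travels in the URL, anything that records full request URLs (access logs, proxies, the webhook manager's history) holds a copy of it; redacting before logging and rotating the token after exposure limits that.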