Introduction
What Is Aegis Compliance Suite?
Aegis Compliance Suite is a security compliance management application for Confluence Cloud, built entirely on the Atlassian Forge platform. It gives security, GRC (Governance, Risk and Compliance), and IT teams a single, unified workspace inside Confluence to:
- Detect sensitive data and security policy violations in Confluence pages using automated regex-based content scanning.
- Triage and track security findings through a structured queue with severity, status, and full audit history.
- Manage remediation via a case workflow system with SLA enforcement, assignees, comments, and Jira integration.
- Measure exposure risk on every Confluence page and space using a computed 0–100 exposure score.
- Alert stakeholders when risk thresholds are crossed or SLA deadlines are breached.
Aegis stores all data inside Forge’s tenant-isolated Entity Store: no data leaves Atlassian’s infrastructure, no external servers are required, and no credentials need to be managed.
Who Is Aegis For?
| Persona | Primary Use Cases |
|---|---|
| Security Engineer / GRC Analyst | Run content scans, triage findings, investigate exposure scores, manage cases |
| IT Administrator | Configure detectors, assign roles, set SLA policies, manage notification channels |
| Security Approver / Risk Manager | Approve risk exceptions, review audit logs |
| Developer / Page Owner | View the exposure score on their page via the content byline, report security findings from a page |
Core Concepts
Understanding these concepts before using Aegis will make the product much easier to navigate.
Findings
A finding is a record of a detected security issue or policy violation on a Confluence page. Findings can come from three sources:
- Scanner: automatically created by Aegis’s content scanning engine when a regex detector matches page body text (e.g., an AWS access key found in a runbook).
- Manual: created directly by an Analyst or Admin through the “New Finding” form or the page-level “Report Security Finding” action.
- CSV Import: bulk-created from a spreadsheet file, allowing teams to migrate findings from other tools.
Every finding has a severity (Critical, High, Medium, Low, Info) and a status (Open, Triaged, Resolved, Dismissed). Findings drive the exposure score on their affected page and can be escalated into Cases.
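The Scanner source described above can be sketched as a regex detector run over a page body. This is an added example, not Aegis's own code: the detector IDs, the finding field names, the initial "Open" status and the redaction step are assumptions made for illustration, and the sample page is constructed.

```javascript
// Added illustration, not Aegis code: detector ids, field names and the
// initial "Open" status are assumptions made for this example.
const DETECTORS = [
  // AWS access key ID: "AKIA" followed by 16 uppercase letters or digits.
  { id: 'aws-access-key-id', severity: 'Critical', pattern: /\bAKIA[0-9A-Z]{16}\b/ },
  // PEM private key header.
  { id: 'private-key-header', severity: 'High',
    pattern: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
];

// Keep a 4-character prefix only, so the finding is not a second copy of the secret.
function redact(match) {
  return match.slice(0, 4) + '*'.repeat(Math.max(match.length - 4, 0));
}

function scanPage(page, detectors = DETECTORS) {
  const findings = [];
  const seen = new Set();
  for (const d of detectors) {
    // Fresh global regex per scan: matchAll needs "g", and no lastIndex state is shared.
    const re = new RegExp(d.pattern.source, 'g');
    for (const m of page.body.matchAll(re)) {
      const key = `${d.id}:${m[0]}`;
      if (seen.has(key)) continue; // same secret repeated on one page: one finding
      seen.add(key);
      findings.push({
        source: 'Scanner',
        status: 'Open',
        severity: d.severity,
        detectorId: d.id,
        pageId: page.id,
        spaceKey: page.spaceKey,
        offset: m.index,       // where triage should look in the page body
        excerpt: redact(m[0]), // never the raw match
      });
    }
  }
  return findings;
}

// Constructed sample page; the key is the placeholder value from AWS documentation.
const SAMPLE_PAGE = {
  id: '12345', spaceKey: 'OPS', title: 'Deploy runbook',
  body: 'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n' +
        'retry with AKIAIOSFODNN7EXAMPLE if the first call fails',
};
```

Storing a redacted excerpt plus an offset lets an analyst locate the match on the page without the findings queue itself holding the credential.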
Cases
A case is a structured remediation work item that groups one or more related findings. Cases have assignees, SLA deadlines, threaded comments, and a full status lifecycle (Open → In Progress → Remediated → Closed). When a finding cannot be immediately fixed, an Analyst can request a risk exception to formally accept the risk, pending Approver sign-off.
Exceptions
A risk exception is a formal acceptance of risk associated with a case. An Analyst submits an exception with a justification and expiry date. The exception enters a pending state and notifies all Approvers. Once an Approver approves it, the case moves to “Exception” status. Exceptions automatically expire on their set date, reopening the parent case.
Exposure Score
Every Confluence page has an exposure score from 0 to 100, computed from six weighted signals:
| Signal | Default Weight |
|---|---|
| Public / anonymous access | 35% |
| External or guest users with access | 20% |
| Broad groups (100+ members) with access | 15% |
| Restriction weakness (no page-level restrictions) | 10% |
| Active open findings linked to this page | 15% |
| Content sensitivity label (classification) | 5% |
The score is displayed as a colored badge directly on every page via the Confluence content byline:
| Score Range | Risk Band | Indicator Color |
|---|---|---|
| 0–24 | Low | Green |
| 25–49 | Moderate | Yellow/Amber |
| 50–74 | High | Orange |
| 75–100 | Critical | Red |
Alert Rules
Alert rules define threshold conditions that trigger in-app notifications. For example, an alert rule can fire when any page’s exposure score increases by more than 20 points, when a critical finding is created, or when a case SLA is breached. Alert rules are configured in the Alerts tab and evaluated at event time, or hourly for score-based rules.
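The weighted exposure score, its risk bands and the score-increase alert rule can be worked through together. This is an added example, not Aegis's own code: the signal key names, the assumption that each signal is a value between 0 and 1, and the rounding are choices made here, since the page gives only the weights, the bands and the 20-point example.

```javascript
// Default weights (percent) from the signal table. Key names are chosen for this example.
const DEFAULT_WEIGHTS = {
  publicAccess: 35, externalUsers: 20, broadGroups: 15,
  restrictionWeakness: 10, openFindings: 15, sensitivityLabel: 5,
};

// Risk bands from the score-range table, highest first.
const BANDS = [
  { min: 75, band: 'Critical', color: 'Red' },
  { min: 50, band: 'High', color: 'Orange' },
  { min: 25, band: 'Moderate', color: 'Yellow/Amber' },
  { min: 0, band: 'Low', color: 'Green' },
];

// signals: { name: value in [0, 1] } (assumed scale; missing signals count as 0).
function exposureScore(signals, weights = DEFAULT_WEIGHTS) {
  const total = Object.values(weights).reduce((a, b) => a + b, 0);
  if (!(total > 0)) throw new RangeError('weights must sum to a positive number');
  let sum = 0;
  for (const [name, w] of Object.entries(weights)) {
    const v = signals[name] ?? 0;
    if (!(v >= 0 && v <= 1)) throw new RangeError(`signal ${name} must be in [0, 1]`);
    sum += w * v;
  }
  // Dividing by the weight total keeps custom weights on the 0-100 scale.
  const score = Math.round((sum * 100) / total);
  const { band, color } = BANDS.find((b) => score >= b.min);
  return { score, band, color };
}

// Score-based alert rule: fires only on an increase larger than the threshold.
function scoreJumpAlert(previous, current, threshold = 20) {
  return current.score - previous.score > threshold;
}

// Constructed scenario: an unrestricted page visible to a broad group, with open
// findings, is then opened to anonymous access.
const BEFORE = exposureScore({ restrictionWeakness: 1, broadGroups: 1, openFindings: 1 });
const AFTER = exposureScore({ restrictionWeakness: 1, broadGroups: 1, openFindings: 1,
                              publicAccess: 1 });
```

In this scenario a single permission change moves the page from Moderate (40) to Critical (75), a 35-point jump that exceeds the 20-point threshold.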
Notification Channels
Notification channels (configured in Admin > Notifications) define which events are broadcast to users via the in-app notification bell. Built-in channels cover critical findings, SLA breaches, and case activity. Custom channels can be added to cover any combination of events.
How Aegis Integrates with Confluence
Aegis appears in four places inside Confluence Cloud:
| Surface | How to Access | Purpose |
|---|---|---|
| Global Page | Top navigation → Apps → Aegis Compliance Suite | Main dashboard with all 7 tabs |
| Content Byline | Beneath the title of every Confluence page | Exposure score badge, re-analyze button, Report Finding shortcut |
| Content Action | Three-dot menu ("…") on any Confluence page → Report Security Finding | Quick-create a finding pre-filled with the current page’s context (page ID, space key, title) |
| Global Settings | Confluence Settings (gear icon) → Aegis Compliance Suite Settings | Admin configuration, 8 tabs covering all settings |
Note: The user who installs the app is automatically assigned the Admin role. All other users default to Viewer. An Admin must assign appropriate roles to team members before they can create findings or manage cases.
Architecture Overview
The flow through Aegis follows a straightforward pipeline:
Content Scanning ──► Findings Created ──► Triage ──► Case Created ──► Remediation
                                                          └──► Risk Exception (if unfixable)
Permission Scanning ──► Exposure Scores Updated ──► Alert Rules Evaluated ──► Notifications

All data flows stay inside Forge’s runtime. The backend consists of resolver functions (invoked by the React frontend via @forge/bridge), service modules (business logic), scheduled jobs (daily maintenance, hourly permission scans, alert evaluation), and async consumer queues (content scanning, exposure computation, evidence export).