Forio
Docs

Reference

Page-Level Features

These features appear on every Confluence page and do not require navigating to the dashboard or admin settings.

Exposure Score Byline

Every Confluence page shows a small widget below the page title (in the content byline area). This is rendered by the confluence:contentBylineItem Forge module surface.

The byline displays:

  • Score chip: A colored badge showing the current exposure score (0–100). Color indicates risk level: green (Low), yellow (Moderate), orange (High), red (Critical).
  • Classification lozenge: The page’s current sensitivity classification (Public, Internal, Confidential, Restricted). If unclassified, this is absent.
  • Findings count: Number of open findings linked to this page.
  • Re-analyze button (↻): Forces a fresh exposure score computation for this page.
  • Report Finding button: Opens the Report Security Finding panel.

The score shown in the byline is the most recent snapshot. The snapshotAt timestamp shows how old the data is (e.g., “3h ago”). If no snapshot exists yet (first time viewing a page), the byline shows a placeholder until a permission scan has processed this page.

Clicking the score chip navigates to the main Aegis dashboard with the Access Explorer tab pre-focused on this page.

Note: The byline is visible to all Confluence users regardless of their Aegis role. However, the re-analyze and report finding actions enforce role checks on the server when clicked.

Confluence page showing the exposure score byline below the title with score badge, classification lozenge, and re-analyze button

Approximate Width Constraint

The Confluence content byline slot is capped at approximately 288px wide by the platform. The byline is designed in two rows to fit within this constraint. The exact layout depends on the score, classification, and finding count present.

Report Finding Action (Content Action)

Every Confluence page has a “…” (more actions) menu in the top-right corner of the page. When Aegis is installed, a Report Security Finding option appears in this menu.

Confluence page “…” menu showing “Report Security Finding” as one of the action items

How to Use

  1. On any Confluence page, click the "…" (more actions) menu.
  2. Click Report Security Finding.
  3. A panel opens (rendered by the confluence:contentAction Forge module surface) with a form:
    • Title (required): A short name for the finding (e.g., “Customer PII found in public space”).
    • Description (optional): Detailed description of what was found and why it is a risk.
    • Severity (required): Select Critical, High, Medium, Low, or Info.
  4. Click Submit.
  5. A success message confirms the finding was created.

What It Creates

Submitting the form creates a finding entity with:

  • Source: 'manual'
  • affectedContentId: The page ID of the current page (automatically populated from context).
  • affectedSpaceKey: The space of the current page.
  • reportedBy: The Confluence account ID of the user who submitted.
  • Status: 'open'

Who Can Use It

Any Confluence user can access the “Report Security Finding” menu option and submit the form. No Aegis role is required to report a finding. This is by design, security reporting should be accessible to everyone who encounters an issue.

The finding creation resolver requires at minimum no role (it uses the getContentContext zero-API-call resolver to populate context, and createFinding is accessible to all authenticated users).

Note: Findings created via this action are visible in the Findings tab of the main dashboard. Analysts can triage and investigate them like any other finding.

What Happens After Submission

  1. The finding appears in the Findings tab of the main dashboard with status “Open” and source “Manual”.
  2. If the finding is Critical severity, the “Critical Findings” notification channel fires (if enabled), creating in-app notifications for all users.
  3. The finding’s evidence event finding_created is appended to the audit log.
  4. The Dashboard KPI card “Active Findings” increments.