Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Data Center plugin security

Jakub Zemanec November 29, 2023

Hi Everyone,

I have been confronted by our CyberSecurity teams on the plugins that I allow to be installed in our Data Center Jira.

I have not been able to find proper materials that would describe how specifically are Jira Data Center apps security and most importantly, all the materials and documents that I've read seem to be concerning only Cloud. 

Programs like Cloud Fortified, Bug Bountry programs etc. seem to be only applicable for cloud, yet seem to be applicable for some data center plugins. 

My main question here is - how can i evaluate security of Data Center plugins? And how (if) does Atlassian guarantee marketplace plugins security?

Thank you very much for your help!! :)

Jakub

1 answer

0 votes
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 29, 2023

Hi @Jakub Zemanec 

Data Center is a on-prem self hosted installation. So all marketplace apps you install, the security is based on you on-prem network.

All data functionalities you use from these app and data related are stored in you Database.

So all security is based on your network and company policy around security and risk

The reason all these details are specified around Clou is that Atlassian Cloud is a Saas solution.

Cloud related apps can store data on other locations than Atlassian's Saas platform.

Jakub Zemanec November 29, 2023 edited

Thank you for your explanation.

My main concern here would be that I download potentially malicious plugin that would steal our data. Only thing to prevent that would be to tightly control outgoing communication from our AWS, which can be a pretty hard thing (at least for me) with all of the traffic and inability to easily identify the data being sent from Jira to the internet.

Do have any recommendations on how to manage my plugins to prevent data loss or security vulnerabilities?

Thank you very much,

Jakub

Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 29, 2023

Hi @Jakub Zemanec 

Some guidelines here.

Check the vendor for offering a support portal, view their website and location of the vendor if that would cause reasons to not use the app.

Stay away from free apps offered by a vendor not offering paid options as well and still related to the above.

You can ream more here

Documentation is found there what app development guidelines are for developers of apps on different platforms of Atlassian.

Al steps that a developer has to take before the app will be listed on the marketplace etc.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events