Hi Everyone,
I have been confronted by our CyberSecurity teams on the plugins that I allow to be installed in our Data Center Jira.
I have not been able to find proper materials that would describe how specifically are Jira Data Center apps security and most importantly, all the materials and documents that I've read seem to be concerning only Cloud.
Programs like Cloud Fortified, Bug Bountry programs etc. seem to be only applicable for cloud, yet seem to be applicable for some data center plugins.
My main question here is - how can i evaluate security of Data Center plugins? And how (if) does Atlassian guarantee marketplace plugins security?
Thank you very much for your help!! :)
Jakub
Data Center is a on-prem self hosted installation. So all marketplace apps you install, the security is based on you on-prem network.
All data functionalities you use from these app and data related are stored in you Database.
So all security is based on your network and company policy around security and risk
The reason all these details are specified around Clou is that Atlassian Cloud is a Saas solution.
Cloud related apps can store data on other locations than Atlassian's Saas platform.
Thank you for your explanation.
My main concern here would be that I download potentially malicious plugin that would steal our data. Only thing to prevent that would be to tightly control outgoing communication from our AWS, which can be a pretty hard thing (at least for me) with all of the traffic and inability to easily identify the data being sent from Jira to the internet.
Do have any recommendations on how to manage my plugins to prevent data loss or security vulnerabilities?
Thank you very much,
Jakub
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Some guidelines here.
Check the vendor for offering a support portal, view their website and location of the vendor if that would cause reasons to not use the app.
Stay away from free apps offered by a vendor not offering paid options as well and still related to the above.
You can ream more here
Documentation is found there what app development guidelines are for developers of apps on different platforms of Atlassian.
Al steps that a developer has to take before the app will be listed on the marketplace etc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.