Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Data Center plugin security

Jakub Zemanec
Jakub Zemanec November 29, 2023

Hi Everyone,

I have been confronted by our CyberSecurity teams on the plugins that I allow to be installed in our Data Center Jira.

I have not been able to find proper materials that would describe how specifically are Jira Data Center apps security and most importantly, all the materials and documents that I've read seem to be concerning only Cloud. 

Programs like Cloud Fortified, Bug Bountry programs etc. seem to be only applicable for cloud, yet seem to be applicable for some data center plugins. 

My main question here is - how can i evaluate security of Data Center plugins? And how (if) does Atlassian guarantee marketplace plugins security?

Thank you very much for your help!! :)

Jakub

Answer
Watch
Like Be the first to like this
525 views

1 answer

0 votes
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 29, 2023

Hi @Jakub Zemanec 

Data Center is a on-prem self hosted installation. So all marketplace apps you install, the security is based on you on-prem network.

All data functionalities you use from these app and data related are stored in you Database.

So all security is based on your network and company policy around security and risk

The reason all these details are specified around Clou is that Atlassian Cloud is a Saas solution.

Cloud related apps can store data on other locations than Atlassian's Saas platform.

View More Comments
Jakub Zemanec
Jakub Zemanec November 29, 2023 edited

Thank you for your explanation.

My main concern here would be that I download potentially malicious plugin that would steal our data. Only thing to prevent that would be to tightly control outgoing communication from our AWS, which can be a pretty hard thing (at least for me) with all of the traffic and inability to easily identify the data being sent from Jira to the internet.

Do have any recommendations on how to manage my plugins to prevent data loss or security vulnerabilities?

Thank you very much,

Jakub

Like
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 29, 2023

Hi @Jakub Zemanec 

Some guidelines here.

Check the vendor for offering a support portal, view their website and location of the vendor if that would cause reasons to not use the app.

Stay away from free apps offered by a vendor not offering paid options as well and still related to the above.

You can ream more here

Documentation is found there what app development guidelines are for developers of apps on different platforms of Atlassian.

Al steps that a developer has to take before the app will be listed on the marketplace etc.

Like Henri Seymour _Easy Agile_ likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.