Out of Office for Jira - Security FAQs
What is Out of Office for Jira?
Out of Office for Jira is an installable app that uses Jira Assets and Automation rules to assign alternative approvers and assignees when a user is out of office. This ensures that tickets assigned to a user for completion or approval are never left behind.
What is Out of Office for Jira built on?
The Out of Office for Jira app is built on the Atlassian Forge platform.
Atlassian Forge is a serverless app development platform designed for building extensions and customisations for Atlassian's cloud products. Forge provides the infrastructure, tools, and environment for developing, hosting, and managing cloud apps. All of these components are hosted in the Atlassian platform.
What are Out of Office for Jira’s trust signals?
Out of Office for Jira has two trust signals:
"Runs on Atlassian" signals to the customer that this app runs on the Atlassian platform via Forge and has met the criteria to receive this badge. These criteria include that data is not transmitted out of the platform and that the app offers data residency.
"Cloud Security Participant" signals that the app is enrolled in Atlassian’s Marketplace Bug Bounty Program. This means Out of Office for Jira is part of a rigorous bug bounty program and is built by partners who incentivise active security research and fix security issues within an Atlassian-defined timeframe.
Is Out of Office for Jira hosted in Australia?
Forge apps are pinned to the host site of the installation. If your Jira instance is configured to the Australia region, the app will also operate within that same region.
Has GLiNTECH submitted a CAIQ security assessment to Atlassian?
Atlassian has replaced the CAIQ security assessment for the Atlassian Marketplace with CAIQ-Lite. However, the CAIQ-Lite program has since been discontinued, even though the certificate continues to be displayed as a security certificate on the Marketplace.
What process have you followed to publish this app in Atlassian Marketplace, whilst ensuring the app is secure?
Publishing a Forge app for the Atlassian Marketplace is controlled through a developer portal hosted by Atlassian. The code is deployed from that environment, and upon submission to the marketplace, it goes through rigorous review and testing. At no point during the submission does data egress from the platform.
What is the data used (during transit, storage or processing)?
The Out of Office for Jira app relies on Forge storage to store configuration data. The data stored is the schema ID and object ID that identify where Out of Office records will be created. When an out-of-office entry is created, the values are stored in an asset object.
What are the scopes required for the app?
The following permission scopes are defined for the app:
```yaml
scopes:
  - storage:app
  - read:cmdb-schema:jira
  - read:cmdb-object:jira
  - read:cmdb-type:jira
  - read:servicedesk-request
  - read:cmdb-attribute:jira
  - read:jira-user
  - write:cmdb-object:jira
  - write:cmdb-type:jira
  - write:cmdb-attribute:jira
```
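| Scope | Usage |
|---|---|
| `storage:app` | Enables the App storage API |
| `read:cmdb-schema:jira` | View Assets schemas |
| `read:cmdb-object:jira` | Read Assets objects |
| `read:cmdb-type:jira` | View Asset object types |
| `read:cmdb-attribute:jira` | View Assets object type attributes |
| `read:servicedesk-request` | View Jira Service Desk request data |
| `read:jira-user` | View user profiles |
| `write:cmdb-attribute:jira` | Create or update the Assets object type attributes |
| `write:cmdb-object:jira` | Create or update Assets objects |
| `write:cmdb-type:jira` | Create or update Assets object types |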
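For reviewers who want to confirm that an app version requests only the scopes documented above, the following added example (not code from GLiNTECH or Atlassian) compares the scopes in a Forge manifest with that list and reports any drift. The function names, the minimal line-based parser, and the sample manifest with its one extra scope are assumptions made for illustration.

```python
# Documented baseline: the scopes copied from the list on this page.
DOCUMENTED = frozenset("""storage:app read:cmdb-schema:jira read:cmdb-object:jira
read:cmdb-type:jira read:servicedesk-request read:cmdb-attribute:jira
read:jira-user write:cmdb-object:jira write:cmdb-type:jira
write:cmdb-attribute:jira""".split())

# CONSTRUCTED sample manifest: the documented scopes plus one extra scope
# (write:jira-work) that the page does NOT list, added only to show drift.
SAMPLE_MANIFEST = (
    "permissions:\n  scopes:\n"
    + "".join(f"    - {s}\n" for s in sorted(DOCUMENTED))
    + "    - write:jira-work  # constructed extra scope\n"
    + "modules: {}\n"
)

def parse_scopes(manifest_text):
    """Return the list items under a 'scopes:' key (block-style YAML only)."""
    scopes, in_scopes, indent = [], False, 0
    for raw in manifest_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        stripped = line.lstrip()
        cur = len(line) - len(stripped)
        if stripped == "scopes:":
            in_scopes, indent = True, cur
        elif in_scopes and stripped.startswith("- ") and cur >= indent:
            scopes.append(stripped[2:].strip().strip("'\""))
        elif in_scopes:                            # next key ends the list
            in_scopes = False
    return scopes

def access_level(scope):
    """Classify a scope by its leading verb; non-verb prefixes are 'other'."""
    verb = scope.split(":", 1)[0]
    return verb if verb in ("read", "write", "delete", "manage") else "other"

def review(manifest_text, documented=DOCUMENTED):
    """Diff declared scopes against the baseline and list modifying scopes."""
    declared = set(parse_scopes(manifest_text))
    return {
        "undocumented": sorted(declared - documented),
        "not_declared": sorted(documented - declared),
        "modifying": sorted(s for s in declared if access_level(s) != "read"
                            and access_level(s) != "other"),
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A non-empty `undocumented` list means the manifest requests more access than the FAQ describes, which is worth raising before approving an install or upgrade.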