Last Updated: February 22, 2025
At Risk Radar, security is a top priority. We are committed to providing a secure and trustworthy risk assessment tool for Jira Cloud users. Our approach to security is built on industry best practices, Atlassian Forge security standards, and continuous improvements to ensure data integrity, confidentiality, and availability.
All requests are processed through the Atlassian API. User authentication is provided via OAuth 2.0.
The application does not store passwords or user personal data.
Data access is determined by Jira role-based permissions (RBAC).
Risk data is stored in Jira Issue Properties (within the task).
No data is transferred outside Atlassian Cloud.
Optional feature to add comments for transparency.
All connections are secured via HTTPS/TLS 1.2+.
The application uses Atlassian Forge Runtime, eliminating the need to store data in third-party databases.
Atlassian manages security infrastructure (DDoS, WAF, IAM).
Errors are logged in the Atlassian Dev Console.
Risk Radar complies with Forge Security Guidelines.
Security policies are outlined in the Privacy Policy.
We follow a multi-layered security model to protect customer data, ensure secure access, and mitigate security threats. Our security program is aligned with Atlassian Marketplace requirements and best practices for Forge apps.
Built on Atlassian Forge, ensuring applications run within Atlassian's secure cloud infrastructure.
No external servers - all logic runs within the Atlassian environment, reducing security risks.
Data stored securely in Jira issue properties using the Jira REST API, avoiding external data storage risks.
No personal data collection - Risk Radar does not store, track, or process personally identifiable information (PII).
Data encryption - All communication between the app and Jira Cloud is secured using TLS 1.2+ encryption.
Logical tenant separation - Each Jira Cloud instance has its own isolated data context, preventing cross-tenant access.
Atlassian manages authentication - Risk Radar leverages Jira's built-in authentication system, eliminating the need for separate user credentials.
Minimal permissions - The app only requests the necessary READ and WRITE scopes, minimizing security exposure.
Role-based access control (RBAC) - Users can only access data relevant to their Jira instance.
Static code analysis - All code undergoes automated scans to detect vulnerabilities before deployment.
Regular dependency updates - Open-source libraries are continuously monitored and updated to patch known security issues.
Peer code reviews - Every code change is reviewed by security-conscious developers before release.
Threat assessments - Regularly conducted to identify potential attack vectors.
Mitigation strategies - Security controls are implemented to minimize risk exposure.
Atlassian security guidelines - Risk Radar follows best practices outlined in the Atlassian Cloud App Security Requirements.
Proactive monitoring - We monitor security trends and apply necessary patches to mitigate risks.
Incident response plan - Any security breach or vulnerability is escalated and handled in compliance with Atlassian security standards.
Bug bounty participation - We leverage industry-standard vulnerability disclosure programs for proactive security testing.
While Risk Radar follows strict security measures, customers should also follow best practices to maintain security within their Jira Cloud environments:
Control user access permissions to prevent unauthorized access.
Keep Jira up to date with the latest security patches from Atlassian.
If you identify a potential security vulnerability or have security concerns, please contact us at:
Email: riskradar@typeswitch.net
We take all security reports seriously and will investigate any concerns promptly.