
Security Practices

Last Updated: February 22, 2025

At Risk Radar, security is a top priority. We are committed to providing a secure and trustworthy risk assessment tool for Jira Cloud users. Our approach to security is built on industry best practices, Atlassian Forge security standards, and continuous improvements to ensure data integrity, confidentiality, and availability.


Detailed Security Information

1. Access Control and Authentication

  • All requests are processed through the Atlassian API. User authentication is provided via OAuth 2.0.

  • The application does not store passwords or user personal data.

  • Data access is determined by Jira role-based permissions (RBAC).

2. Data Storage and Processing

  • Risk data is stored in Jira Issue Properties, i.e. on the issue (task) itself.

  • No data is transferred outside Atlassian Cloud.

  • Optionally, the app can add a comment to the issue so that risk changes remain visible and transparent.

3. Encryption and API Security

  • All connections are secured via HTTPS/TLS 1.2+.

  • The application uses Atlassian Forge Runtime, eliminating the need to store data in third-party databases.

4. Incident Management

  • Atlassian manages the underlying security infrastructure (DDoS protection, WAF, IAM).

  • Errors are logged in the Atlassian Dev Console.

5. Compliance with Atlassian Requirements

  • Risk Radar complies with Forge Security Guidelines.

  • Security policies are outlined in the Privacy Policy.


📌 Our Security Approach

We follow a multi-layered security model to protect customer data, ensure secure access, and mitigate security threats. Our security program is aligned with Atlassian Marketplace requirements and best practices for Forge apps.

1️⃣ Secure Application Architecture

  • Built on Atlassian Forge, ensuring applications run within Atlassian’s secure cloud infrastructure.

  • No external servers – all logic runs within the Atlassian environment, reducing security risks.

  • Data stored securely in Jira issue properties using the Jira REST API, avoiding external data storage risks.

2️⃣ Data Security & Privacy

  • No personal data collection – Risk Radar does not store, track, or process personally identifiable information (PII).

  • Data encryption – All communication between the app and Jira Cloud is secured using TLS 1.2+ encryption.

  • Logical tenant separation – Each Jira Cloud instance has its own isolated data context, preventing cross-tenant access.

3️⃣ Access Control & Authentication

  • Atlassian manages authentication – Risk Radar leverages Jira’s built-in authentication system, eliminating the need for separate user credentials.

  • Minimal permissions – The app only requests the necessary READ and WRITE scopes, minimizing security exposure.

  • Role-based access control (RBAC) – Users can only access data relevant to their Jira instance.


🔍 Security in Our Development Process

4️⃣ Secure Code Practices

  • Static code analysis – All code undergoes automated scans to detect vulnerabilities before deployment.

  • Regular dependency updates – Open-source libraries are continuously monitored and updated to patch known security issues.

  • Peer code reviews – Every code change is reviewed by security-conscious developers before release.

5️⃣ Threat Modeling & Risk Management

  • Threat assessments – Regularly conducted to identify potential attack vectors.

  • Mitigation strategies – Security controls are implemented to minimize risk exposure.

  • Atlassian security guidelines – Risk Radar follows best practices outlined in the Atlassian Cloud App Security Requirements.


🚀 Continuous Security Monitoring & Compliance

6️⃣ Vulnerability Management & Incident Response

  • Proactive monitoring – We monitor security trends and apply necessary patches to mitigate risks.

  • Incident response plan – Any security breach or vulnerability is escalated and handled in compliance with Atlassian security standards.

  • Bug bounty participation – We leverage industry-standard vulnerability disclosure programs for proactive security testing.


📌 Shared Security Responsibility

7️⃣ Your Role in Security

While Risk Radar follows strict security measures, customers should also follow best practices to maintain security within their Jira Cloud environments:

  • Control user access permissions to prevent unauthorized access.

  • Keep Jira up to date with the latest security patches from Atlassian.


Contact & Security Reporting

If you identify a potential security vulnerability or have security concerns, please contact us at:
📧 Email: riskradarjira@gmail.com

We take all security reports seriously and will investigate any concerns promptly.
