Security
SynapseWorks builds Jira delivery products with a Forge-first, security-first posture. Controls are designed for enterprise teams and auditable flows.
Security contact
Email: [email protected]
Decision Register for Jira: Runs on Atlassian
- Forge-only architecture running on Atlassian infrastructure.
- No external backend services and no external network egress. Data stays within Atlassian.
- Read-only patterns, with limited preference storage via Forge storage (the storage:app scope).
Synapse: Forge + Azure backend
Synapse uses a scoped Azure backend to process Jira issue context and return results to Forge and Jira.
- Data flow: Jira → Atlassian Forge → SynapseWorks Azure backend → Forge/Jira.
- Credentials: No Jira credentials are stored; authentication uses a Forge-issued appUserToken and scoped permissions.
- Reliability: Availability is monitored and requests fail safely with clear errors when limits are reached.
Logging and access controls
- Operational logs are limited to what is required for troubleshooting and security monitoring.
- TLS is enforced for data in transit; access to processing services is limited to required scopes.
- Forge scopes and least-privilege permissions are used across products.
Responsible disclosure
If you discover a vulnerability, please contact [email protected] with details and steps to reproduce. We request a reasonable time to investigate and remediate before public disclosure.