Security

SynapseWorks builds Jira delivery products with a Forge-first, security-first posture. Controls are designed for enterprise teams and auditable flows.

Security contact

Email: [email protected]

Decision Register for Jira: Runs on Atlassian

• Forge-only architecture running on Atlassian infrastructure.
• No external backend services and no external network egress. Data stays within Atlassian.
• Read-only patterns with limited preference storage via Forge storage (storage:app).

Synapse: Forge + Azure backend

Synapse uses a scoped Azure backend to process Jira issue context and return results to Forge and Jira.

• Data flow: Jira → Atlassian Forge → SynapseWorks Azure backend → Forge/Jira.
• Credentials: No Jira credentials are stored; authentication uses Forge-issued appUserToken and scoped permissions.
• Reliability: Availability is monitored and requests fail safely with clear errors when limits are reached.

Logging and access controls

• Operational logs are limited to what is required for troubleshooting and security monitoring.
• Transport is enforced over TLS; access to processing services is limited to required scopes.
• Forge scopes and least-privilege permissions are used across products.

Responsible disclosure

If you discover a vulnerability, please contact [email protected] with details and steps to reproduce. We request a reasonable time to investigate and remediate before public disclosure.