Security
SynapseWorks builds Jira delivery products with a Forge-first, security-first posture. Controls are designed for enterprise teams and auditable flows.
Trust & Security details are published on GitBook: synapseworks-docs/common/trust-security.
Security contact
Email: [email protected]
Decision Register for Jira: Runs on Atlassian
- Forge-only architecture running on Atlassian infrastructure.
- No external backend services, no external storage, and no external network egress.
- No shared secrets or personal access tokens are required.
- Read-only access patterns, with limited preference storage via Forge storage (the storage:app scope).
Synapse Forge: Runs on Atlassian
Synapse Forge uses a fully Forge-native runtime on Atlassian to process Jira issue context and return results to Jira.
- Data flow: Jira → Atlassian Forge runtime → Jira.
- External services: No external backend, no external storage, and no external network egress.
- Credentials: No Jira credentials, shared secrets, or personal access tokens are stored; authentication uses Forge-issued appUserToken and scoped permissions.
- Reliability: Availability is monitored and requests fail safely with clear errors when limits are reached.
Logging and access controls
- Operational logs are limited to what is required for troubleshooting and security monitoring.
- Transport is enforced over TLS; access to application paths is limited to required scopes.
- Forge scopes and least-privilege permissions are used across products.
Responsible disclosure
If you discover a vulnerability, please contact [email protected] with details and steps to reproduce. We request a reasonable time to investigate and remediate before public disclosure.