CAHABA FORGE

Trust & Security for Business Sign-off for Jira Cloud

Trust, security, and data-handling details for our Jira Cloud approval app

This page summarizes the trust, security, and data-handling posture of Business Sign-off & Approval for Jira Cloud. It is intended to give Jira administrators, procurement teams, and Atlassian Marketplace reviewers a concise view of how the app is hosted, what data it handles, what permissions it requires, and how Cahaba Forge approaches security operations.

Security Overview

  • Runs entirely on Atlassian Forge within Atlassian-managed cloud infrastructure
  • Uses no Forge Remote services and no external application hosting
  • Makes no external network egress to Cahaba Forge systems or third-party services during normal app operation
  • Stores app data only in Atlassian Forge Storage and Jira Cloud issue-level data structures
  • Uses Forge’s per-tenant isolation model; there is no cross-tenant data access
  • Does not collect Atlassian passwords, API tokens, or customer-managed secrets
  • Uses permission checks on privileged operations; UI visibility is not treated as the only security boundary
  • Supports configurable Separation of Duties controls to prevent self-approval scenarios
  • Maintains a tamper-evident audit trail using SHA-256 record hashing and hash-chain-backed issue property records
  • Participates in Atlassian’s Personal Data Reporting program for cloud apps that store personal data
  • Provides a security contact at security@cahabaforge.com

Platform and Hosting

Business Sign-off & Approval is a Forge app. App code runs inside Atlassian’s isolated Forge runtime rather than on Cahaba Forge-hosted servers.

  • Hosting: Atlassian-managed infrastructure
  • Execution model: Forge sandbox / isolated runtime
  • Infrastructure security: Managed by Atlassian
  • TLS and transport security: Managed by Atlassian as part of Forge and Jira Cloud
  • Data residency: App data resides within Atlassian infrastructure in the same region as the customer’s Jira Cloud site, subject to Atlassian’s data residency model
  • External hosting: None
  • Forge Remote: Not used
  • Web triggers: Not used

For platform background, see Atlassian’s Forge security documentation.

Data Handling

Data the app accesses

The app accesses only the Jira and app data required to support approval workflows, audit history, configuration, and notification behavior. This includes:

  • issue identifiers, summaries, statuses, reporters, and assignees
  • approver assignments and decisions
  • project and global configuration relevant to approval behavior
  • issue properties and custom fields used for workflow integration
  • Atlassian account IDs and display-name information needed for approver display, audit history, and permission-sensitive behavior

Data the app stores

  • approver records and decision state
  • audit history and admin audit data
  • global and project configuration
  • export task state
  • Jira issue properties and custom field values used for workflow and reporting integration

Data the app does not store

  • Atlassian passwords
  • Atlassian API tokens
  • customer-managed secrets
  • third-party service credentials
  • analytics or tracking data

User email addresses may be read at runtime where needed by Jira or Forge behavior, but they are not persisted by the app.

Storage location

  • Forge Storage: approver records, history, configuration, export state, and related app data
  • Jira Cloud: issue properties and custom field values used for approval-state integration

No app data is transmitted to Cahaba Forge-hosted systems or third-party systems outside Atlassian infrastructure.

Retention and deletion behavior

  • Approver records: retained while the associated issue exists
  • Audit history: retained while the associated issue exists
  • Project configuration: retained while the project exists
  • Export task records: transient, auto-purged after a limited period
  • Admin audit log: retained for the lifetime of the app installation
  • Forge Storage on uninstall: deleted as part of Atlassian’s standard Forge uninstall handling
  • Jira custom fields and issue properties on uninstall: remain as native Jira data unless separately removed by the customer

Account lifecycle and privacy handling

Because the app stores personal data, it participates in Atlassian’s Personal Data Reporting program. On a scheduled basis, the app reports stored Atlassian account IDs to Atlassian so Atlassian can notify the app of account lifecycle changes.

When Atlassian indicates that a user account has been closed, the app pseudonymizes stored data for that user by replacing display names with "Deleted user" and clearing decision comments authored by that user where applicable. This preserves audit continuity while removing direct personal identifiers from stored records.

For full legal and operational detail, see our Privacy Policy.

App Permissions and Access Control

Business Sign-off follows a least-privilege approach: the app requests only the Jira and Forge scopes required to implement its features.

Scope summary

  • storage:app: store approval records, configuration, audit history, and export task state
  • read:jira-work: read issue, project, workflow, and issue-property data required for rendering and workflow evaluation
  • write:jira-work: update issue-linked approval state and related workflow integration data
  • read:jira-user: resolve approver identities and enforce user-sensitive rules such as Separation of Duties
  • manage:jira-configuration: support admin and project-configuration functions, including eligibility rules and project/admin configuration pages
  • write:app-data:jira: write app-specific issue entity properties used by workflow conditions and validators
  • report:personal-data: support Atlassian-required personal-data reporting for apps that store personal data

Access-control model

  • Administrative configuration actions are restricted to appropriate Jira administrative roles
  • Project-specific configuration actions require the relevant project-level authority
  • Resolver handlers perform permission checks before executing privileged operations
  • Display conditions and UI visibility are convenience controls, not the only enforcement boundary
  • The app includes configurable Separation of Duties controls to restrict who may approve issues in sensitive scenarios
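The access-control model above is a set of rules; what it looks like when enforced in a resolver is shown in the following added example, which is not the app's code. It demonstrates the points the list makes: the resolver validates its payload, checks Jira visibility, checks approver membership, and applies a Separation of Duties policy in that order, so a hidden or missing "Approve" button is never the thing that stops a self-approval, and an admin-only configuration resolver accepts only known keys. The payload shape, error codes, policy keys, function names and the injected `jira` lookup object are assumptions; a real Forge app would register these handlers with @forge/resolver and back the lookups with asynchronous @forge/api calls, which are replaced here by synchronous in-memory stand-ins so the block runs offline.

```javascript
// Added example, not the app's code: server-side authorization for an
// "approve" resolver and an admin-only configuration resolver. The payload
// shape, error codes, policy keys and the injected `jira` lookup object are
// assumptions; a real Forge app would register these with @forge/resolver and
// back the lookups with (asynchronous) @forge/api calls.

const ISSUE_KEY = /^[A-Z][A-Z0-9_]*-\d+$/;
const DECISIONS = new Set(["approve", "reject"]);

// Which relationships to the issue disqualify a user from approving it.
const DEFAULT_SOD_POLICY = { blockReporter: true, blockAssignee: true, blockRequester: true };

class AuthorizationError extends Error {
  constructor(code, message) { super(message); this.code = code; }
}

// Reject anything the UI should never have sent before touching Jira.
function validateApprovalPayload(payload) {
  if (!payload || typeof payload !== "object") throw new AuthorizationError("BAD_PAYLOAD", "payload must be an object");
  const { issueKey, decision, comment = "" } = payload;
  if (typeof issueKey !== "string" || !ISSUE_KEY.test(issueKey)) throw new AuthorizationError("BAD_ISSUE_KEY", "malformed issue key");
  if (!DECISIONS.has(decision)) throw new AuthorizationError("BAD_DECISION", "unknown decision");
  if (typeof comment !== "string" || comment.length > 4000) throw new AuthorizationError("BAD_COMMENT", "comment must be a short string");
  return { issueKey, decision, comment };
}

// Returns the role that makes `actor` a self-approver for `issue`, or null.
function sodConflict(actor, issue, policy) {
  if (policy.blockReporter && actor === issue.reporter) return "reporter";
  if (policy.blockAssignee && actor === issue.assignee) return "assignee";
  if (policy.blockRequester && actor === issue.approvalRequester) return "requester";
  return null;
}

// The approve resolver. Every check runs here, on the server side, so it holds
// whether the request came from the app's own button or from a hand-built call.
function approveResolver(ctx, payload, jira, policy = DEFAULT_SOD_POLICY) {
  const { issueKey, decision, comment } = validateApprovalPayload(payload);
  const actor = ctx && ctx.accountId;
  if (!actor) throw new AuthorizationError("UNAUTHENTICATED", "no caller identity");
  const issue = jira.getIssue(issueKey);
  if (!issue || !jira.canBrowse(actor, issueKey)) throw new AuthorizationError("FORBIDDEN", "issue not visible to caller");
  if (!issue.approvers.includes(actor)) throw new AuthorizationError("NOT_APPROVER", "caller is not a designated approver");
  const conflict = sodConflict(actor, issue, policy);   // runs even for listed approvers
  if (conflict) throw new AuthorizationError("SOD_VIOLATION", `approver is the issue ${conflict}`);
  return { issueKey, decision, actor, comment };
}

// Admin-only configuration resolver: requires a Jira admin and accepts only
// known boolean keys, dropping anything else from the payload.
function saveSodPolicyResolver(ctx, payload, jira) {
  const actor = ctx && ctx.accountId;
  if (!actor || !jira.isJiraAdmin(actor)) throw new AuthorizationError("FORBIDDEN", "Jira administrator required");
  const policy = { ...DEFAULT_SOD_POLICY };
  for (const key of Object.keys(DEFAULT_SOD_POLICY)) {
    if (payload && typeof payload[key] === "boolean") policy[key] = payload[key];
  }
  return policy;
}

// Constructed in-memory stand-in for Jira (fictitious accounts and issue).
function authzDemo() {
  const issues = { "SIGN-42": { reporter: "aid:alice", assignee: "aid:dave", approvalRequester: "aid:alice",
                                approvers: ["aid:alice", "aid:bob", "aid:outsider"] } };
  const jira = {
    getIssue: (key) => issues[key] || null,
    canBrowse: (actor, key) => key in issues && actor !== "aid:outsider",  // outsider lacks Browse Projects
    isJiraAdmin: (actor) => actor === "aid:admin",
  };
  const attempt = (fn, accountId, payload) => {
    try { return { ok: true, result: fn({ accountId }, payload, jira) }; }
    catch (e) { return { ok: false, code: e.code }; }
  };
  const approve = { issueKey: "SIGN-42", decision: "approve", comment: "Approved for release" };
  return {
    bob: attempt(approveResolver, "aid:bob", approve),                                 // ok
    aliceSelf: attempt(approveResolver, "aid:alice", approve),                         // SOD_VIOLATION (reporter)
    carol: attempt(approveResolver, "aid:carol", approve),                             // NOT_APPROVER
    outsider: attempt(approveResolver, "aid:outsider", approve),                       // FORBIDDEN although listed
    badKey: attempt(approveResolver, "aid:bob", { ...approve, issueKey: "sign 42" }),  // BAD_ISSUE_KEY
    nonAdminConfig: attempt(saveSodPolicyResolver, "aid:bob", { blockAssignee: false }),     // FORBIDDEN
    adminConfig: attempt(saveSodPolicyResolver, "aid:admin", { blockAssignee: false, blockReporter: "no", extra: 1 }),
  };
}
```

Note the order of checks in approveResolver: alice is a listed approver and still fails, because the Separation of Duties check is applied after approver membership rather than being replaced by it, and the outsider fails on Jira visibility before approver membership is even consulted. Both outcomes would be the same if the calls arrived from outside the app's UI, which is the property the list above describes as "UI visibility is not the only enforcement boundary".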

Logging and Secrets Handling

The app does not collect or store Atlassian credentials, third-party service credentials, or customer-managed secrets.

Diagnostic and operational logging is limited in scope:

  • logs may include Atlassian account IDs and issue keys for troubleshooting
  • logs do not include stored passwords, API tokens, email addresses, display names, or decision-comment text
  • diagnostic logging is time-bounded and administrator-controlled
  • logs are managed through Atlassian Forge logging infrastructure

No secrets are intentionally exposed in source-controlled documentation, URLs, or runtime logs.

Security Practices and Verification

Security verification is treated as supporting evidence, not the sole basis of the trust model.

Secure development practices

  • input validation on resolver payloads and user-controlled inputs
  • output handling designed to reduce XSS risk in Forge UI surfaces
  • structured API usage for Jira and Forge interactions
  • permission validation on privileged operations
  • dependency review as part of release preparation
  • secrets scanning and code review before release

Verification and testing

  • automated unit and integration test coverage across backend and frontend behavior
  • end-to-end UI validation using Playwright against a Jira Cloud environment
  • security-focused test coverage for permissions, edge cases, and failure paths

SonarQube and scan evidence

Each release is scanned with SonarQube (Community Edition) for vulnerabilities, bugs, code smells, and security hotspots. Summary of the current scan results:

  • Security rating: A
  • Reliability rating: A
  • Maintainability rating: A
  • Open security hotspots: 0
  • Open vulnerabilities: 0
  • Open bugs: 0
  • Code coverage (combined, as computed by SonarQube): 79.9%
  • Line coverage: 78.3%
  • Branch coverage: 87.3%
  • Lines of code: ~15,800

SonarQube Community Edition applies rule-based static checks and hotspot detection but does not include the cross-file taint analysis of the commercial editions, so a clean scan is supporting evidence rather than proof that injection-class issues are absent; this is consistent with the position stated above that scan results are not the sole basis of the trust model.

Full scan reports and supporting materials are available upon request during procurement or security review.

Vulnerability and Incident Response

If you discover a security issue in Business Sign-off, report it to security@cahabaforge.com with relevant reproduction details.

Responsible disclosure expectations:

  1. Email security@cahabaforge.com with "SECURITY" in the subject line.
  2. Include a description of the issue and steps to reproduce.
  3. Do not publicly disclose the issue until a fix or mitigation is available.

Cahaba Forge targets the following remediation timelines for confirmed vulnerabilities in the app’s own application code:

  • Critical: within 2 weeks of confirmation
  • High: within 4 weeks of confirmation
  • Medium / Low: in the next scheduled release

If a security incident or critical vulnerability affects the app, Cahaba Forge will coordinate notification to Atlassian and affected customers as appropriate. Issues originating in Atlassian-managed infrastructure, Forge platform services, or Jira Cloud are subject to Atlassian’s own incident-response processes, though Cahaba Forge will assist in reporting and coordination where applicable.

Third Parties / Subprocessors

For the cloud app runtime:

  • Atlassian is the infrastructure subprocessor for hosting, storage, and platform execution
  • no additional external subprocessors are used for normal app runtime data flow, based on the current architecture
  • the app does not use cookies, analytics scripts, tracking pixels, or client-side tracking technologies

The app makes one outbound reporting call, to an Atlassian-operated endpoint, as required for Marketplace privacy compliance: a scheduled report of stored Atlassian account IDs to Atlassian’s personal-data reporting endpoint. This is part of Atlassian’s cloud app privacy model and is not third-party data sharing outside the Atlassian platform.

Additional Documentation

  • Privacy Policy
  • Support Policy
  • Data Processing Addendum (DPA)
  • End User Terms / EULA
  • Contact Page

Request a Full Report

If your organization requires additional review materials as part of procurement or security assessment, Cahaba Forge can provide:

  • scan summaries and supporting reports
  • dependency bill of materials
  • architecture and data-flow overview
  • responses to customer security questionnaires

Contact us at security@cahabaforge.com or through our contact page. Product documentation is also available from the documentation index.

© 2026 Cahaba Forge LLC. All rights reserved. Cahaba Forge™ is a trademark of Cahaba Forge LLC.