Security

Comprehensive security architecture and practices we aim to maintain & protect your data.

Core Security Principles

🔒 Zero Persistence

The app is designed for no data storage and no data persistence.

⏱️ Automatic Cleanup

Sessions expire after 15 minutes of inactivity. All data is promptly purged for inactive sessions.

🔐 End-to-End Encryption

HTTPS everywhere. Encrypted internal tokens. HTTP-only cookies prevent XSS.

🚪 Session Isolation

Each user gets a cryptographically unique session. No cross-contamination between users.

Data Protection

Memory-Only Processing

  • The app does not intentionally write user data to disk under normal operations
  • The app does not store your data in any database
  • Memory cleared promptly upon session end or expiry
  • Infrastructure Server restarts or crashes result in complete data loss (by design)

Credential Encryption

  • App tokens encrypted using Fernet (symmetric encryption)
  • Encryption keys unique to each instance
  • No credentials ever written to disk or logs

Transport Security

  • HTTPS-only enforcement - all network traffic encrypted in transit
  • HTTP-only cookies prevent JavaScript access and XSS attacks
  • CORS validation restricts API access to authorized origins only
  • Direct communication with Jira - no third-party intermediaries

Application Security

Input Validation & Injection Protection

  • JQL Injection Protection: All user inputs sanitized before constructing Jira Query Language (JQL) queries
  • Strict Validation: Project keys, field mappings, and filter values validated against expected formats
  • Type Safety: Pydantic models enforce data types and prevent malformed API requests
  • SQL Injection N/A:The app doesn't currently use a relational DB backend for user data, so SQL injection is not applicable in the current design.

Session Management

  • Secure Session IDs: Cryptographically random session identifiers (UUIDs)
  • HTTP-Only Cookies: Session cookies inaccessible to client-side JavaScript
  • Session Isolation: Each user's data completely isolated from other sessions
  • Automatic Expiration: Sessions expire after 15 minutes of inactivity

Minimal Data Access

  • Metadata Only: Retrieves ticket keys, types, statuses, timestamps, and workflow changes only
  • No Sensitive Content: Never accesses ticket summaries, descriptions, comments, attachments, or user details
  • Rate Limiting: API access is rate limited
  • No Analytics: No tracking, telemetry, or third-party analytics services
  • Direct API Access: Your credentials used only to communicate with your Jira instance

Continuous Security Monitoring

  • Automated Security Scanning: Code analyzed on every commit for vulnerabilities
  • Dependency Monitoring: Python and npm dependencies scanned for known CVEs
  • Regular Updates: Security patches applied promptly when vulnerabilities discovered

Infrastructure Security

Google Cloud Platform (GCP) Security

  • Cloud Run: Serverless isolated container platform
  • Container Security: Minimal attack surface with only required dependencies
  • Network Isolation: Backend not directly accessible from internet
  • Cold Starts: Instances shut down when idle, reducing exposure window

Deployment Security

  • Container: Small footporint reduces attack surface
  • Least Privilege: Service accounts have minimal required permissions

Operational Security

  • No Persistent Logs: Application does not log session data or credentials
  • Infrastructure Logs: GCP may log metadata (IP addresses, timestamps) for operational purposes. Infra logs are not retained and frequently deleted
  • Cost Optimization: Infrastructure scales to zero when not in use

User Best Practices

💡 Recommended: Dedicated API Tokens

Create a dedicated Atlassian API token specifically for use with this tool. Revoke and recreate tokens regularly.

Why? Even if your browser session is compromised, the attacker only gets a limited-scope token that you can immediately revoke.

✅ What We Recommend

  • Create a new API token before each session
  • Revoke the token immediately after your analysis session
  • Use dedicated tokens, not your primary Atlassian API key
  • Clear browser cookies when finished
  • Don't leave sessions open unattended

⚠️ Security Considerations

  • This application has not undergone formal penetration testing
  • Not recommended for highly sensitive or regulated environments without internal review
  • Consult your information security team if unsure about using this tool
  • Review your organization's security policies before use

Threat Model & Mitigations

What We Protect Against

  • XSS Attacks: HTTP-only cookies and input sanitization prevent cross-site scripting
  • Session Hijacking: Secure cookies and HTTPS prevent session interception
  • Data Leakage: Zero persistence ensures no data survives session end
  • Injection Attacks: Input validation and type safety prevent JQL injection
  • Cross-User Data Access: Session isolation prevents users from seeing others' data

Known Limitations

  • Browser Security: If user's browser is compromised, session data is accessible
  • Man-in-the-Middle: Relies on TLS/HTTPS for transport security
  • Memory Dumps: Server memory could theoretically be dumped by someone with access to Cloud infrastructure
  • Jira API Security: Security limited by Atlassian's API security model

Out of Scope

  • This application does not protect against compromised Jira accounts
  • User is responsible for securing their Atlassian API tokens
  • Browser security and endpoint protection is user's responsibility
  • Not designed for compliance with specific regulations (GDPR, HIPAA, SOC2)
Last updated: October 2025