Security Overview

WatcherSync is built on Atlassian Forge — your data never leaves Atlassian's infrastructure. No external servers. No data egress. Minimal permissions.

Security highlights

  • No external network calls (no outbound HTTP requests).
  • No data egress (all processing stays within Atlassian’s cloud).
  • Minimal permissions: only the three scopes required to function.
  • No secrets stored (no API keys, passwords, tokens, or credentials).

Forge platform security

WatcherSync is a Forge-native application, meaning it runs entirely within Atlassian's managed infrastructure. There is no self-hosted server component.

  • Sandboxed execution: code runs in an isolated, managed runtime environment controlled by Atlassian.
  • Managed hosting: Atlassian handles infrastructure, scaling, and availability.
  • Built-in app identity: uses Forge authentication (asApp()) without stored credentials.
  • Content Security Policy: Forge enforces strict CSP headers to reduce XSS and exfiltration risk.

See Atlassian’s Forge security documentation: https://developer.atlassian.com/platform/forge/security/

Network security

WatcherSync makes zero external network calls. The only communication is between Forge runtime and Jira’s internal APIs within Atlassian’s infrastructure.

Data storage & encryption

All persistent data is stored in Atlassian Forge Storage (encrypted at rest and in transit, tenant-isolated). Stored data is operational and non-sensitive: project enable/disable toggles, aggregate counters, timestamps, and idempotency markers.

No personal data, user identifiers, issue content, or credentials are written to storage.

Permissions (scopes)

WatcherSync requests the minimum scopes required:

  • read:jira-work — read watcher lists and issue context to determine what to copy.
  • write:jira-work — add watchers to subtask issues.
  • storage:app — store per-project configuration and aggregate counters in Forge Storage.

The app does not request scopes for managing users, accessing admin settings, reading/writing issue content beyond watcher operations, or making external API calls.
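A reviewer can verify the permission claims above directly against the app's Forge manifest rather than taking them on trust. The following is an added example, not WatcherSync's own code: it assumes the manifest.yml has already been parsed into a Python dict (for example with PyYAML) and checks that exactly the three documented scopes are declared and that no external fetch, remote resource, or remotes block introduces egress. The sample manifests embedded below are constructed.

```python
EXPECTED_SCOPES = {"read:jira-work", "write:jira-work", "storage:app"}

# Keys under permissions.external in a Forge manifest that declare outbound
# fetches or remotely loaded resources (fetch carries backend/client URL lists).
EGRESS_KEYS = ("fetch", "images", "scripts", "styles", "fonts", "frames")


def audit_manifest(manifest, expected_scopes=EXPECTED_SCOPES):
    """Compare a parsed manifest against the documented least-privilege posture.

    Returns a list of human-readable findings; an empty list means the manifest
    declares exactly the expected scopes and no external egress.
    """
    findings = []
    perms = manifest.get("permissions") or {}
    declared = set(perms.get("scopes") or [])
    for scope in sorted(declared - set(expected_scopes)):
        findings.append(f"unexpected scope: {scope}")
    for scope in sorted(set(expected_scopes) - declared):
        findings.append(f"missing documented scope: {scope}")

    external = perms.get("external") or {}
    for key in EGRESS_KEYS:
        if external.get(key):
            findings.append(f"external {key} declared: {external[key]}")

    # Top-level remotes are another way a Forge app reaches outside Atlassian.
    for remote in manifest.get("remotes") or []:
        findings.append(f"remote declared: {remote.get('baseUrl')}")
    return findings


# Constructed sample manifests (already parsed from YAML into dicts).
CLEAN_MANIFEST = {
    "permissions": {"scopes": ["read:jira-work", "write:jira-work", "storage:app"]},
}
EGRESS_MANIFEST = {
    "permissions": {
        "scopes": ["read:jira-work", "write:jira-work", "storage:app",
                   "manage:jira-configuration"],
        "external": {"fetch": {"backend": ["https://example.invalid"]}},
    },
    "remotes": [{"key": "collector", "baseUrl": "https://example.invalid"}],
}

if __name__ == "__main__":
    for name, manifest in (("clean", CLEAN_MANIFEST), ("egress", EGRESS_MANIFEST)):
        print(name, audit_manifest(manifest) or ["ok"])
```

Run it against the real manifest.yml of any installed Forge app to confirm the declared scopes match what its security documentation promises.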

Incident response

In the unlikely event of a security concern related to WatcherSync, contact [email protected]. We’ll investigate and respond within 48 hours.

Contact

For security-related questions or to report a vulnerability: [email protected]