attachmentAV for Atlassian Jira: Security
attachmentAV for Atlassian Jira is secure by default. When you upload an attachment, our scanners are notified, download the attachment, scan it, and delete it. We don’t keep a copy of your data.
Jurisdiction (#)
attachmentAV for Atlassian Jira scans attachments (process your data) in the jurisdiction/region/location of your choice to help you meet data residency requirements.
To choose a jurisdiction, follow Atlassian Support.
Permissions (#)
OAuth 2.0 scopes (#)
attachmentAV for Atlassian Jira requests the following OAuth 2.0 scopes during installation to access your Jira instance:
| Category | Scope | Atlassian description | attachmentAV description |
|---|---|---|---|
| Forge platform scope | storage:app | Enables the App storage API. | to store scan results & configuration on the Atlassian platform |
| Forge platform scope | read:app-system-token | Enables Forge to pass a token to a remote backend, that can be used to invoke Atlassian product REST APIs with the permissions of the app “bot” user. | to run the full scan outside of Forge on our backend |
| Jira granular scope | read:application-role:jira | View application roles | to get issue attachment metadata |
| Jira granular scope | read:attachment:jira | View attachments | to get issue attachment download URL & metadata |
| Jira granular scope | read:audit-log:jira | View audit logs | to list attachments in backend |
| Jira granular scope | read:avatar:jira | View avatars | to add a comment to an issue, get issue metadata, get issue attachment metadata, list attachments in backend |
| Jira granular scope | read:comment.property:jira | View comment properties | to add a comment to an issue |
| Jira granular scope | read:comment:jira | View comments | to add a comment to an issue |
| Jira granular scope | read:field-configuration:jira | Read field configurations | to get issue metadata, list attachments in backend |
| Jira granular scope | read:group:jira | View groups | to add a comment to an issue, get issue attachment metadata |
| Jira granular scope | read:issue-details:jira | View issue details | to list attachments in backend |
| Jira granular scope | read:issue-meta:jira | View issue meta | to get issue metadata, list attachments in backend |
| Jira granular scope | read:issue-security-level:jira | View issue security levels | to get issue metadata |
| Jira granular scope | read:issue.changelog:jira | View issue changelogs | to get issue metadata |
| Jira granular scope | read:issue.vote:jira | to get issue metadata | |
| Jira granular scope | read:issue:jira | View issues | to get issue metadata |
| Jira granular scope | read:project-role:jira | View project roles | to add a comment to an issue |
| Jira granular scope | read:project:jira | View projects | to add a comment to an issue |
| Jira granular scope | read:status:jira | View statuses | to get issue metadata |
| Jira granular scope | read:user:jira | View users | to add a comment to an issue, get issue metadata, get issue attachment metadata |
| Jira granular scope | delete:attachment:jira | Delete attachments | to delete infected/unscannable attachment |
| Jira granular scope | write:comment:jira | Create and update comments | to add a comment to an issue |
| Jira classic scopes | read:jira-work | View Jira issue data | required by event avi:jira:created:attachment |
Encryption (#)
In transit (#)
All network communication is TLS encrypted using HTTPS.
At rest (#)
Your attachments are temporarily stored on encrypted disks on our scanners. Attachments are deleted right after the scan.