Contents        

We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security related questions please let us know at Spartez Support Portal or support@spartez.com.

This document contains information for TFS4JIRA server and TFS4JIRA cloud 

Connection credentials

TFS4JIRA Synchronizer needs to store credentials for JIRA and TFS / Azure DevOps (formerly VSTS) - every password provided is stored in an encrypted(AES) form. (since version 7.1.2)

TFS4JIRA Server

In TFS4JIRA server all data is stored/processed in client infrastructure. The only thing, that is sent outside, are product analytics that does not contain any personal data

Private data stored / processed by TFS4JIRA components

ComponentData processed/storedRemarks

Jira Server App

YOUR INFRASTRUCTURE

Change set metadata : author, comment etc.

Just processed, nothing is stored.

No source code is processed.

Synchronizer

YOUR INFRASTRUCTURE

TFS / Azure DevOps (formerly VSTS) usernameFor synchronisation profiles and checkins scanning connection configurations.

Jira usernameFor synchronisation profiles.

Mapping configurations provided by TFS4JIRA user.Any mappings configuration, that can contain private data (e.g. users mappings)

Data synchronised by TFS4JIRAAny private data that is configured, by TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira.

Change set metadata : author, comment etc.


TFS4JIRA Cloud

In our Jira Cloud solution most of the data is processed/stored by TFS4JIRA Synchronizer component - which runs in client infrastructure.
Only data needed for Jira Cloud app are processed (proxied) trough our infrastructure. See below table, diagram and description for details.  

Security rules

  • All external incoming or outgoing connections (or connection that go via public network) are made using secure protocol (for example: https,ssh). 
    If secure protocol cannot be used the sensitive content must be protected by other means.
  • Every connection, that is crossing network border(external or internal, physical, virtual or logical), is protected by at least one security measure (certificate, jwt token, etc).
  • No security measure can be used to cross multiple network borders. 
    For example, if we protect connections to Cloud external using Certificate A, then it cannot be used to protect connections to Cloud internal
  • Application data is stored in separate, dedicated database.

Logs

We collect various logs (access logs, application logs). Maximum retention period for TFS4JIRA Cloud logs is 14 days.

Change sets data additional encryption.

Due to possibility that, in some scenarios, the Synchronizer is deployed without https (against recommendations), we have implemented additional, custom, data encryption for change sets. All this data is secured using AES cipher with an encryption key provided in TFS4JIRA plugin configuration.

TFS4JIRA cloud architecture overview

overview


Private data stored / processed by TFS4JIRA components

ComponentData processed/storedRemarks

Jira Cloud app

ATLASSIAN INFRASTRUCTURE

Change set metadata : author, comment etc.

Just processed, nothing is stored.

No source code is processed.

Synchronizer

YOUR INFRASTRUCTURE

TFS / Azure DevOps (formerly VSTS) usernameFor synchronisation profiles and checkins scanning connection configurations.

Jira usernameFor synchronisation profiles.

Mapping configurations provided by TFS4JIRA user.Any mappings configuration, that can contain private data (e.g. users mappings)

Data synchronised by TFS4JIRAAny private data that is configured, by TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira.

Change set metadata : author, comment etc.
Additional info for TFS4JIRA cloud users:

TFS4JIRA cloud backend

SPARTEZ INFRASTRUCTURE

Change set metadata : author, comment etc.No data is stored, it is just passed (proxied) from the Synchronizer to Jira Cloud user browser.

Data subprocessors for TFS4JIRA Cloud

TFS4JIRA cloud is using the following services as a sub processors:

Other services for TFS4JIRA  Cloud

  • No labels

This page has no comments.