Our team is exploring the Atlassian Compass tool and finding it very promising and useful for developer experience metrics from our current toolset (Jira, Bitbucket, etc.).
While exploring the Bitbucket integration with Atlassian Compass, we noticed a few points and would like to seek the clarifications below from the Compass team:
Why is delete permission required for Compass for the Bitbucket integration?
(It seems like Compass, when integrating with Bitbucket, needs full read/write permissions over the whole Bitbucket tenant. This means that if/when Compass gets compromised, the data in our whole Bitbucket tenant can be exfiltrated or wiped, or its operation otherwise disrupted.)
Also, we would like to know if the Compass team has a security audit report for the tool, or a SOC2 audit or equivalent. If yes, can you please share it with us?