We want to set up integration between Jira and GitHub to start to pull useful information about branches, commits, etc. into Jira issues. However, it has been pointed out that the integration requires read AND write access. I understand that write access is needed to create branches from Jira but this has raised some security questions at my company.
I am interested in anyone's thoughts on this. Does the benefit of being able to create branches from Jira outweigh the increased security risk? Is there a way of creating the integration so that it's read only?
All thoughts and views welcome!
Thanks!
John
Thanks for the reply!
I have already read the FAQ and understand that the write access is needed so that Jira can create branches.
I am wondering whether anyone has any thoughts or concerns around that? By granting write access we are allowing Jira (and by extension Atlassian) to change the content of our repositories. I know that is not the intended purpose - but it is still possible.
I don't have any strong views on this myself but I know that some in our security team do. I am curious what other people think.
Another way to think about it...
Imagine Atlassian own a parking lot and I own a very valuable car. I want to use the Atlassian parking lot one day but I am told that I need to leave the keys to my car with Atlassian to do so. I am reassured by Atlassian that they won't unlock or move the car or allow anyone inside of it and they only want the keys in case the alarm malfunctions and needs to be reset.
I don't get to see where Atlassian keeps my car keys and I only have their word on what they will use the keys for.
Should I trust them at their word and leave the keys with them?
I'm inclined to do as Atlassian ask because they are quite reputable but my friend, who is an expert on such things, is advising me not to do it.
So how should I proceed?