Document security considerations for the GitLab for Jira Cloud app
Add a section to the GitLab for Jira Cloud app that answers common security questions:
From @apham4
- How is the OAuth API read/write access used?
- What other access is included in the read/write access?
- How does OAuth for the GitLab for Jira app work?
- Are requests incoming from Jira limited to certain projects?
- Can Jira retrieve source code?
- What access does GitLab have to Jira?
- How is access to Jira granted for GitLab?
From @obicke
- Has GitLab completed or achieved one or more security certifications (regarding Jira)? If yes, which ones
- Does GitLab only have access to information contained in Jira? (not other Atlassian products) #396424 (comment 1314803463)
- Does the app store data in (i) the main product (Confluence/Jira/Slack), (ii) Amazon Web Services (AWS), (iii) Google Cloud Platform, or (iv) Microsoft Azure? If so which one? #396424 (comment 1314061726)
- Can customer admins or individual users control the app settings and access permissions to limit the data/information the app accesses/stores/sees? #396424 (comment 1314056721)
- Is the GitLab for Jira app easily uninstalled with minimal disruptions to the user experience? #396424 (comment 1314814000)
Edited by Omar Bickell