Security Overview

Secure by design for Jira admins and engineering leadership

Copilot AI Metrics for Jira is designed to support security review with Forge-native secret handling, read-only Jira access, and tightly limited external calls.

Forge-native secret handling

GitHub Personal Access Tokens and optional custom API keys are intended to be stored in Atlassian Forge encrypted storage rather than in the browser.

Read-only Jira access

The product is positioned for analytics and reporting only. It reads Jira context but does not modify Jira issues or workflow state.

GitHub API proxying through the backend

Live GitHub data requests are designed to run through the Forge backend so credentials are not exposed in the frontend experience.

Limited external network calls

External API access is intentionally narrow and limited to `api.github.com` for GitHub Copilot data retrieval.
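
A reviewer can check the three claims above (read-only Jira scopes, backend-only GitHub calls, egress limited to `api.github.com`) against the permissions an app declares in its Forge `manifest.yml`. The following is an added example, not the product's own code: it audits a manifest that has already been parsed into an object. The two sample manifests and their scope lists are constructed for illustration, since this page does not show the app's actual manifest.

```javascript
// Added example, not the app's own code: audit a Forge manifest against this page's claims.
// Input is manifest.yml already parsed into a plain object (YAML parsing is out of scope).
const ALLOWED_BACKEND_HOSTS = new Set(['api.github.com']);

// Forge egress entries are either a string or an object with an `address` field.
function hostOf(entry) {
  const raw = typeof entry === 'string' ? entry : (entry && entry.address) || '';
  return raw.replace(/^https?:\/\//i, '').split('/')[0].toLowerCase();
}

function auditManifest(manifest) {
  const findings = [];
  const perms = (manifest && manifest.permissions) || {};
  const fetchPerms = (perms.external || {}).fetch || {};

  // Claim: read-only Jira access. Any write/delete/manage scope contradicts it.
  for (const scope of perms.scopes || []) {
    if (/^(write|delete|manage):/.test(scope)) {
      findings.push(`scope grants more than read access: ${scope}`);
    }
  }
  // Claim: external calls limited to api.github.com. Exact match only, so wildcards fail.
  for (const entry of fetchPerms.backend || []) {
    const host = hostOf(entry);
    if (!ALLOWED_BACKEND_HOSTS.has(host)) {
      findings.push(`unexpected backend egress host: ${host}`);
    }
  }
  // Claim: GitHub requests are proxied by the backend, so no browser-side egress is expected.
  for (const entry of fetchPerms.client || []) {
    findings.push(`frontend egress declared: ${hostOf(entry)}`);
  }
  return findings;
}

// Constructed sample manifests (hypothetical, not taken from the product).
const expectedShape = {
  permissions: {
    scopes: ['read:jira-work', 'storage:app'],
    external: { fetch: { backend: ['api.github.com'] } },
  },
};
const drifted = {
  permissions: {
    scopes: ['read:jira-work', 'write:jira-work'],
    external: { fetch: { backend: [{ address: '*.github.com' }], client: ['https://api.github.com'] } },
  },
};
console.log(auditManifest(expectedShape).length, auditManifest(drifted));
```

Running the same audit on each new app version shows whether an update has widened scopes or egress beyond what this overview describes.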