GitHub links

Security & Privacy

Data handling

GitHub Links for Jira is built on the Atlassian Forge platform:

  • App code runs inside Atlassian's own infrastructure. No data is routed through Move Work Forward servers for the core enrichment flow.

  • GitHub data is fetched on demand and rendered directly in the Jira panel. It is not stored persistently outside of Atlassian Forge's secure storage.

  • GitHub credentials (App installation tokens) are stored in Forge's encrypted storage:app scope and are never exposed to the browser.

GitHub App permissions

The GitHub App requests the minimum read-only permissions required to fetch the data shown in the panel. Default permissions cover code, pull requests, issues, commits, and repository metadata. Optional permissions for Discussions, Code scanning, and Security advisories are requested separately and are not enabled by default.

EULA and Privacy Policy

The End User Licence Agreement and Privacy Policy are available from the Move Work Forward website and from the Atlassian Marketplace app listing. Please review these documents before using GitHub Links for Jira Cloud.

Bug Bounty

Move Work Forward operates a responsible disclosure and bug bounty programme. If you discover a security vulnerability in GitHub Links for Jira Cloud, please report it through the official programme rather than publicly disclosing it. Contact details are available from the support documentation.

For full details on security practices, EULA, and Privacy Policy, visit help.moveworkforward.com.


Updated: