Jigit - Security & Architecture
Short video demo, security and architecture information.
Video Demo
Architecture
Jigit provides uni-directional integration between Jira and GitHub/GitLab using REST API of Source Code platform (GitLab/GitHub → Jira), which means GitLab/GitHub is not aware of Jira.
Jira runs a Jigit scheduled task every 2 minutes using the configuration settings for each rule.
Using REST API of GitLab or GitHub Jigit Jira App retrieves commit information and extracts there all issue keys, like DEV-133, F1-454. When the keys are extracted, the commit information is stored in the Jira’s database (App specific table) and associated with each issue.
When somebody views an issue, they can see the commits in the tab added by Jira Jigit App for that particular issue.
Security considerations
The App settings are stored in a Jira specific storage for apps called - Plugin Settings. It is a table that allows App to store data. Jigit stores data for each rule in a separated entry.
The API key is NOT encrypted, which means that a person who has access to the database potentially can get the key, because of this we advise to use read_api scope for the token.
The Jira App does NOT access the source code.
The Jira App Jigit does NOT send any data outside, as a result we do not have any analytics and we do not know how you may use the App. Please provide your feedback or feature requests by contacting us https://www.moveworkforward.com/company