An application must maintain and securely configure domains where the application is hosted.

7. When applicable, an application must enable security headers and cookie security attributes.

8. An application must validate and sanitize all untrusted data and treat all user input as unsafe to mitigate injection-related vulnerabilities. Untrusted data is any input that can be manipulated to contain a web attack payload.

9. An application must not use versions of third-party libraries and dependencies with known critical or high vulnerabilities. When vulnerabilities in these libraries and dependencies are discovered, the application developer must remediate them as quickly as possible.

10. An application must not collect or store credentials belonging to Atlassian user accounts such as user passwords or user API tokens. If an app is currently requesting or storing Atlassian API tokens in order to access a REST API that does not currently support authentication from apps, the app developer can notify Atlassian and receive a temporary waiver for this requirement while Atlassian makes the proper changes to our API to support authenticated requests from apps. Once the API supports approved authentication methods, the app developer will be given a reasonable amount of time to migrate away from using Atlassian API tokens. This requirement does not prohibit apps from storing credentials used to access non-Atlassian applications.

11. You must know, understand, and follow our Security Bug Fix Policy. The following page explains Atlassian’s Security Bug Fix Policy for Marketplace Apps.

12. You must notify Atlassian of all security incidents via ECOHELP. The following guide explains how to handle a security incident.

13. You must identify at least one email as a security contact and have them create an account on so that they are notified about vulnerabilities in the app via Atlassian Marketplace Security (AMS) tickets. The following guide explains how to get access to AMS. Please note that an admin can also be listed as a security contact.