Security Policy
Last updated: June 21, 2026
FileWarden is an Atlassian Forge app. It runs entirely on Atlassian-hosted compute and storage, performs no external network egress, and stores no data outside Atlassian, which makes it eligible for the Runs on Atlassian badge. TLS 1.2+/HSTS and 30-day data deletion on uninstall are provided by the Forge platform.
Runs on Atlassian
Every part of FileWarden, compute and storage alike, runs on Atlassian-hosted infrastructure. There is no external service, no egress, and no partner-side data store, so there is no attack surface outside Atlassian.
Found something? Tell us privately.
Please report suspected security issues privately - do not open a public GitHub issue.
Email us
Write to security@kuberstar.com. The security contact for this app is registered on an ecosystem.atlassian.net account, per Atlassian's requirements.
Or via Atlassian
Raise a ticket through the Atlassian Marketplace AMS process, which routes security reports to the registered contact.
Fix windows we commit to.
We follow Atlassian's Marketplace Security Bug Fix Policy remediation SLAs.
| Severity | CVSS range | Fix within |
|---|---|---|
| Critical | 9.0 - 10.0 | 10 days |
| High | 7.0 - 8.9 | 4 weeks |
| Medium | 4.0 - 6.9 | 12 weeks |
| Low | < 4.0 | 25 weeks |
A small, explicit footprint.
What it does
- Reads issue and attachment metadata, lists projects, and checks permissions.
- Scans the text of text-file attachments on-platform for leaked secrets and PII, without showing or logging the matched value.
- Removes or quarantines attachments that violate the configured policy.
- Posts an explanatory comment naming the policy that was broken.
- Stores policy, settings, and audit records in Forge KVS.
What it does not do
- Collect or store Atlassian account credentials or API tokens.
- Call any external service or perform network egress; the content scan runs entirely on Atlassian.
- Show or log the secret or PII value it matches, or scan binary files for content.
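The two lists above describe a scanner that locates secrets and PII in text attachments but never shows or logs the matched value, skips binary files, and posts a comment naming the policy rather than the content. The block below is an added example of that shape, not FileWarden's own code: the rule set, the text-versus-binary heuristic, the finding format and the comment wording are all this example's assumptions, and the sample attachment is constructed.

```javascript
// Added example, not FileWarden's own code: a content scanner that reports
// *where* a secret or PII pattern occurs without ever carrying the matched
// value in its output. The rule set, the text/binary heuristic and the comment
// wording are this example's assumptions.

// Constructed rules. The regexes are illustrative, not a complete policy.
const RULES = [
  { name: 'aws-access-key-id', kind: 'secret', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'private-key-block', kind: 'secret', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  { name: 'github-token', kind: 'secret', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { name: 'email-address', kind: 'pii', re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { name: 'us-ssn', kind: 'pii', re: /\b\d{3}-\d{2}-\d{4}\b/g },
];

// Only text files are scanned: a NUL byte or a high share of control bytes
// marks the attachment as binary and it is skipped, not decoded.
function isTextContent(bytes) {
  if (bytes.length === 0) return true;
  let control = 0;
  for (const b of bytes) {
    if (b === 0x00) return false;
    if (b < 0x20 && b !== 0x09 && b !== 0x0a && b !== 0x0d) control += 1;
  }
  return control / bytes.length < 0.05;
}

// Returns findings as {rule, kind, line, column, length}. The matched text
// itself is deliberately never copied into the finding.
function scanText(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const rule of RULES) {
      rule.re.lastIndex = 0; // /g regexes keep state between calls
      let m;
      while ((m = rule.re.exec(line)) !== null) {
        findings.push({ rule: rule.name, kind: rule.kind, line: i + 1, column: m.index + 1, length: m[0].length });
      }
    }
  });
  return findings;
}

// Binary attachments are reported as not scanned rather than decoded.
function scanAttachment(bytes) {
  if (!isTextContent(bytes)) return { scanned: false, findings: [] };
  return { scanned: true, findings: scanText(new TextDecoder('utf-8').decode(bytes)) };
}

// The explanatory comment names the policy and the location, never the value.
function policyComment(findings) {
  if (findings.length === 0) return null;
  const byRule = new Map();
  for (const f of findings) {
    if (!byRule.has(f.rule)) byRule.set(f.rule, []);
    byRule.get(f.rule).push(f.line);
  }
  const parts = [...byRule].map(([rule, lines]) => `${rule} (line ${lines.join(', ')})`);
  return `Attachment removed: it violated ${parts.join('; ')}. The matched content is not reproduced here.`;
}

// Constructed sample attachment. The key id is the AWS documentation example.
const SAMPLE = new TextEncoder().encode('notes\nAKIAIOSFODNN7EXAMPLE is my key\ncontact: alice@example.com\n');
```

Running `scanAttachment(SAMPLE)` yields two findings, one `aws-access-key-id` on line 2 and one `email-address` on line 3, and neither the findings nor `policyComment(...)` contain the matched strings, which is the property the policy promises; a PNG header passed to `scanAttachment` comes back with `scanned: false` and no findings.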
Authorization
Every admin and config resolver endpoint verifies the caller holds the Jira ADMINISTER permission server-side; Pro features additionally require an active license. Background work runs as the app (asApp); user-facing reads run as the user (asUser).
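The paragraph above states the rule (server-side ADMINISTER check on every admin resolver, license check for Pro features, asApp for background work, asUser for user-facing reads). As an added example, not FileWarden's own code, the block below shows one fail-closed way to implement that gate against the documented shape of Jira's `GET /rest/api/3/mypermissions` response. The permission-fetch function is injected so the logic runs offline; the `fakeMyPermissions` helper is constructed for that purpose, and the `req.context.license.active` field is an assumption about the Forge resolver context that should be checked against the Forge docs.

```javascript
// Added example, not FileWarden's own code: a fail-closed admin gate for a
// Forge resolver, written against the documented shape of Jira's
// GET /rest/api/3/mypermissions response. The request function is injected so
// the logic runs offline; the fake at the bottom is constructed for that.

const ADMIN_PERMISSION = 'ADMINISTER';

// Pure decision: only an explicit havePermission === true on a 200 response
// grants access. Errors, missing keys and malformed bodies all deny.
function isJiraAdmin(status, body) {
  if (status !== 200 || body === null || typeof body !== 'object') return false;
  const entry = body.permissions && body.permissions[ADMIN_PERMISSION];
  return Boolean(entry && entry.havePermission === true);
}

// Assumed shape of the Forge resolver context for a paid app
// (req.context.license.active); verify against the Forge docs before relying on it.
function hasActiveLicense(req) {
  return Boolean(req && req.context && req.context.license && req.context.license.active === true);
}

// fetchMyPermissions() must ask Jira *as the calling user*. In a real app it
// would wrap api.asUser().requestJira(route`/rest/api/3/mypermissions?permissions=ADMINISTER`).
// An asApp call here would report the app's own permissions, not the caller's,
// and a client-supplied "isAdmin" flag is never consulted.
function requireJiraAdmin(fetchMyPermissions, handler, { proOnly = false } = {}) {
  return async function guarded(req) {
    let status = 0;
    let body = null;
    try {
      const res = await fetchMyPermissions();
      status = res.status;
      body = await res.json();
    } catch (err) {
      status = 0; // transport or parse failure: fall through to deny
      body = null;
    }
    if (!isJiraAdmin(status, body)) return { ok: false, error: 'forbidden' };
    if (proOnly && !hasActiveLicense(req)) return { ok: false, error: 'license_required' };
    return handler(req);
  };
}

// Constructed fake of the Jira endpoint for offline use.
function fakeMyPermissions(havePermission, status = 200) {
  return async () => ({
    status,
    json: async () => ({
      permissions: { [ADMIN_PERMISSION]: { key: ADMIN_PERMISSION, type: 'GLOBAL', havePermission } },
    }),
  });
}
```

Wiring this into a resolver means passing the asUser permission call as `fetchMyPermissions` and the real handler as `handler`; the error responses deliberately carry no detail about why the call was refused, and a non-200 status or a thrown error is treated the same as an explicit denial.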
Three scopes, no egress.
| Scope | Used for |
|---|---|
| read:jira-work | Read issues and attachment metadata, read text attachments for the content scan, list projects, check permissions. |
| write:jira-work | Remove or quarantine violating attachments and post the policy comment. |
| storage:app | Forge KVS for policies, audit log, idempotency markers, and settings. No external storage. |
No other scopes and no external egress permissions are declared.
Questions about this policy? Email security@kuberstar.com or visit the FileWarden support page.