Fisheye and Crucible: Security of processing

Introduction

The GDPR requires that personal data be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The measures you use to secure personal data depend on the type of personal data processed, the risk to the individual and relevant industry standard practices. Security measures implemented will vary on a case-by-case basis, and should be chosen with the assistance of legal counsel. Below is a summary of security tools and configurations available to you within certain Atlassian products, along with how to implement them.

Please note that Atlassian recommends that our customers implement a secure and reliable network that ensures the protection of their users' data in the infrastructure that is hosting our applications.

Infrastructure

Securing Your Infrastructure

Atlassian strongly recommends customers implement SSL to secure the TCP/IP communication between Fisheye and Crucible and their users, or any other system interacting with them. Please read the following documentation on the subject:

Upgrades and Updates

You should keep Fisheye and Crucible up to date to stay protected from security threats. We recommend upgrading Fisheye and Crucible regularly to the latest release. Release notes will give you an overview of what's changed between versions.

There are several ways to upgrade Fisheye and Crucible, and the method you choose to use depends on the type of environment you use it in.

For more information about support policies used by Fisheye and Crucible, please check Support Policies

Monitoring

Atlassian provides a best practice guide for system administrators who would like a clearer view of what's happening in their instances and want to get the most out of Atlassian Support. The guide describes what we consider the best tools for monitoring and analyzing diagnostic data produced by Atlassian products, and shows you the best way of getting this information to the Atlassian Support team when required. More details are available here: Best practices for performance troubleshooting tools.

For large instances of Fisheye and Crucible, enabling JMX lets you monitor the consumption of application resources. This helps you make better decisions about how to maintain and optimize machine resources. More details about JMX monitoring are here: How to monitor Fisheye Crucible using JMX in Linux

Operating System

Fisheye and Crucible are pure Java-based applications, and should run on any supported operating system, provided that the JDK / JRE requirements are satisfied.

Network

The following guide describes the specific network and connectivity errors that can be diagnosed automatically by application links and the actions you can take to correct those errors. It also provides a general troubleshooting guide to help you identify and correct network and connectivity errors that may occur when using Fisheye and Crucible application links: Network and Connectivity Troubleshooting Guide

Database

Fisheye and Crucible support several popular databases. Choosing the proper database may significantly affect your subsequent experience.

FishEye and Crucible use the BoneCP connection pool manager to manage connections to the database. The BoneCP connection pool manager has been preconfigured in FishEye and Crucible to work out-of-the-box for most customers. However, it is possible to change the default settings to fine-tune performance: Configuring the database connection pool

Repository authentication

Fisheye and Crucible support several methods of authentication to the repository. Possible options vary per repository type (Supported SCMs). Detailed information about authentication methods can be viewed here: Repository Authentication

Access restriction

Fisheye and Crucible have multiple options to restrict access to particular resources. More detailed information can be found here: Fisheye and Crucible: Data protection by design and by default.

Backup and Restore

Fisheye and Crucible support generating backups, automating backups and restoring them: Backing up and restoring Fisheye data.

Atlassian Security & Bug Bounty Program

Atlassian regularly releases security advisories to inform our customers about vulnerabilities. These can be viewed and tracked in the Security advisories.

Moreover, Atlassian offers the community a way to contribute to enhancing the security of our products through the Vulnerability Bug Bounty Program.

Additional notes

There may be limitations based on your product version.

Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.

Third-party add-ons may store personal data in their own database tables or on the filesystem.

The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.

If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.

Last modified on Nov 19, 2018
