F.A.Q.

The importance of (data) security cannot be overstated. These are some questions and answers that may help you evaluate Git for Confluence for your use.

Does Git for Confluence store files from Git repositories?

Git for Confluence does not store or cache Git files. Git files are retrieved from the Git repository every time someone views the macro on the Confluence Page. As an added bonus, this makes updates to the files at the Git provider appear instantly in Confluence as well.

What information does Git for Confluence store?

Once you add a Git for Confluence macro to a Confluence page, the following information is stored in Confluence (on the page):

  • The URL to the Git file

  • Display options (e.g. "include file as downloadable")

When someone views the Confluence page with the macro on it, this information is sent to the Git for Confluence servers. The Git for Confluence app will try to fetch the file based on the URL. If the file is in a public repository, it will be displayed.

What happens if the URL leads to a private repository?

When a file is located in a private repository, a notification will be shown that access is needed to share the file. The user will be prompted to sign in with their Git provider account. If the user signs in, the user can share the file on behalf of themselves.

When a user signs in, Git for Confluence will store this information:

  • The Confluence user's ID, also known as Atlassian Account ID

  • The OAuth 2.0 token, to make calls to the Git provider on behalf of this user

When a user actually shares a file, some additional information will be stored:

  • An entry in the audit log to indicate that this action has taken place

  • A record that URL "X" is shared by Confluence user "Y" on Confluence page "Z".

This information is necessary to use the right OAuth 2.0 token to fetch the file from a private repository.

What permissions do I give to Git for Confluence by signing in to my Git provider?

Permissions needed (also known as OAuth scopes) are different for each Git provider. A detailed description of the OAuth scopes, why they are necessary and which API endpoints are being called is provided for each supported Git provider.

Are there any compliance standards you maintain?

Avisi Apps takes security very seriously and maintains the following certifications and declarations:

  • We have a SOC 2 declaration 🔒

  • We are ISO 27001:2022 and ISO 27701:2019 certified 🔑

  • We maintain all GDPR standards 📋

Furthermore, we participate in all Atlassian programs regarding security:

  • Cloud Fortified certification

  • Security Self-Assessment Program

  • Bug bounty program

Please reach out to us if you have any other questions or would like to receive evidence of our SOC 2, ISO 27001 and ISO 27701 compliance.

More information can be found in our Security Policy.
