Jira Compliance Plugin

This plugin for the compliance-framework evaluates Jira and Jira Service Management (JSM) data to ensure Change Request processes are properly followed prior to new deployments.

Features

Authentication: Supports OAuth2 (2-Legged OAuth / Client Credentials) and API Tokens.
Data Collection:
- Jira Platform: Projects, Workflows, Schemes, Issue Types, Custom Fields, Audit Records, and Permissions.
- Jira Service Management: Native Approvals and SLAs.
- Jira Software: Development Information (GitHub PRs/commits) and Deployment events.
Policy Evaluation: Integration with OPA policies to calculate compliance evidence based on collected Jira metadata.

Setup Instructions

1. Authentication Setup

The plugin supports two authentication methods:

Option A: Service Account + OAuth2 (Recommended for Cloud)

This method uses Jira's OAuth 2.0 (3LO) for apps or more specifically, for service-to-service integrations, you typically use API Tokens with a Service Account or OAuth 2.0 Client Credentials (if available for your organization).

How to set up a Service Account:

Create a dedicated Atlassian account (e.g., compliance-bot@yourcompany.com).
Invite this account to your Jira instance.
Follow Atlassian's guide on Service Accounts.

Option B: API Token (Fallback)

Log in to Jira as the Service Account.
Go to Account Settings > Security > API Tokens.
Create a new API token and save it securely.

2. Minimal Permissions (Scopes)

The Service Account needs the following minimal permissions to collect compliance data:

Global Permissions:
- Browse Users (to see approvers and authors)
Project Permissions (for all target projects):
- Browse Projects
- View Development Tools (for Software API dev links)
- Administer Projects (optional, for detailed workflow/scheme inspection)
OAuth Scopes (Cloud):
- read:jira-work
- read:jira-user
- read:servicedesk-request
- manage:jira-configuration (for workflows and schemes)

Configuration

The plugin is configured via the PluginConfig structure:

Parameter	Description
`base_url`	The URL of your Jira instance (e.g., `https://your-domain.atlassian.net`)
`auth_type`	`oauth2` or `token`
`client_id`	OAuth2 Client ID (for `oauth2` auth)
`client_secret`	OAuth2 Client Secret (for `oauth2` auth)
`api_token`	API Token (for `token` auth)
`user_email`	Service Account email (for `token` auth)
`project_keys`	Comma-separated list of Project Keys to monitor
`policy_labels`	JSON map of labels to attach to generated evidence

Usage

The plugin implements the Runner interface and is executed by the compliance agent.

# Example execution (internal to framework)
./plugin-jira --config config.json

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.github/workflows		.github/workflows
internal/jira		internal/jira
.gitignore		.gitignore
.goreleaser.yaml		.goreleaser.yaml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
config-example.yaml		config-example.yaml
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Jira Compliance Plugin

Features

Setup Instructions

1. Authentication Setup

Option A: Service Account + OAuth2 (Recommended for Cloud)

Option B: API Token (Fallback)

2. Minimal Permissions (Scopes)

Configuration

Usage

References

About

Uh oh!

Releases 2

Packages

Uh oh!

Languages

License

compliance-framework/plugin-jira

Folders and files

Latest commit

History

Repository files navigation

Jira Compliance Plugin

Features

Setup Instructions

1. Authentication Setup

Option A: Service Account + OAuth2 (Recommended for Cloud)

Option B: API Token (Fallback)

2. Minimal Permissions (Scopes)

Configuration

Usage

References

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Languages

Packages