Security posture
- Built on Atlassian Forge
- Operational records stored in Atlassian Forge Storage
- No developer-managed external server required for normal product use
Security
Forge posture, scoped storage, explicit disclosure path.
The product is designed for review before change. The security posture is aligned to that model: no developer-managed external server for normal operation, tenant-scoped handling, auditable actions, and a public disclosure contact.
Stored data
- Atlassian account IDs and display names needed for workflow state
- Activity timestamps and billable-access path metadata
- Dry run, approval, rejection, action, and proof records
- Exception and settings records needed to operate the product
Permissions and action model
- Read scopes for user, group, and application-role discovery
- Storage scope for workspace records and evidence state
- Write group scope used only for approved cleanup execution through group-membership changes
Disclosure path
Send vulnerability or incident reports to support@unitlane.net.
Preferred details: affected site, observed impact, UTC timestamp, Dry Run ID or Action Record ID, and reproduction steps.