Security Challenges in App Development

Achieving a cloud security badge is a commendable feat, but it comes with its own set of challenges. Participation in bug bounty programs, like Bugcrowd, introduces us to exceptional security researchers who help enhance the app’s security. However, the unpredictable nature of security vulnerability reports can disrupt our task roadmap. Developers must swiftly switch contexts, investigating and resolving issues across various app sections. While this process is invaluable, its timing remains uncertain, demanding vigilant and timely security management.

Additionally, we diverge from using the Atlassian framework to integrate with Jira/Confluence, opting for our in-house solution. This decision grants us flexibility to address security concerns independently. Despite the advantages, it requires ongoing maintenance, especially when Atlassian introduces new “security” rules to their automatic scanner. Adhering to these rules involves meticulous attention on our end.

As developers creating plugins for Atlassian, we encounter occasional bugs in Jira or Confluence. Reporting these issues to Atlassian doesn’t always result in immediate solutions; minor bugs may persist for an extended period. Furthermore, some crucial API endpoints are missing, making it challenging to accomplish tasks via API that should ideally mirror UI capabilities. This occasional lack of API functionality necessitates creative workarounds, consuming valuable time and effort.

We occasionally delve into undocumented parts of the API, driven by necessity when no other options are viable. However, the uncertainty of these undocumented features, susceptible to change without warning, adds an element of risk to our development process.

License Management Quandaries

While we are fortunate to delegate payment-related tasks to Atlassian, occasional discrepancies arise. There are instances where a client has paid, yet our API reports an expired license, which would prompt us to disable our apps for that client. Moreover, our support is constrained by Atlassian’s payment models, limiting our flexibility to accommodate client preferences.

Jira and Confluence Complexity

Understanding the intricacies of Jira and Confluence, products with years of evolution and migration, is a formidable task for new developers. The niche market for Atlassian apps compounds the challenge, making it difficult to find experienced professionals. Introducing individuals to the inner workings of Atlassian tools becomes a crucial part of our onboarding process.

Webhook Delivery and Uptime Challenges

Certain apps depend on webhook delivery for events from Jira or Confluence, such as notifying external users of shared page changes. As our apps gain traction with larger clients, unexpected spikes in traffic necessitate performance improvements. Implementing a zero-downtime release strategy becomes imperative to ensure continuous service, especially during server updates. This effort is essential to prevent any loss of events and maintain a seamless user experience.