Support & Downloads

Izymes builds easy-to-use apps for Atlassian applications that boost your productivity, free you from performing repetitive tasks inside Confluence, Jira and Bitbucket and enable you to use your time for what you do best – YOUR job.

Book a Demo

Interested in a 1-on-1 demonstration of Izymes’s products?
Here we will walk you through:

• All features and benefits of the product you are interested in trying.
• How to set up the account and configure the settings.
• Other tips, tricks and best practices.

It will also give us time to answer any questions you may have. Or perhaps you just want to have a chat; we love a good chat.
You can schedule a time on the Calendly link below. Talk soon!

Contact Info
HQ Southport
Queensland, Australia

Security Practices

At Izymes we take application and data security seriously. Below we detail our current practices.

Security and vulnerability management

We align with the Security Severity Levels published by Atlassian.

As an Atlassian Marketplace Partner we adhere to Atlassian’s security requirements for Cloud applications. We constantly monitor security updates and releases by Atlassian and implement recommendations and required updates immediately.

Izymes also participates in the Atlassian Marketplace Security Bug Bounty Program. This bug bounty program has consistently been recognised as one of the best in the industry, and enables us to leverage a trusted community of tens of thousands of researchers to test our products constantly and report any vulnerabilities they find.

If you believe you have found or experienced a security vulnerability with an Izymes product or service, please raise a security incident.

Enforcement procedure

Izymes follows security best practices and application security defenses that prevent security vulnerabilities from being introduced into our apps. Should a vulnerability be found or reported, Izymes follows the Atlassian security enforcement procedure.

Security bug fix SLAs

Izymes, as an Atlassian Marketplace partner, adheres to the Atlassian Marketplace Bugfix SLAs for both cloud and server apps.

Severity | CVSS Score     | Timeframe for resolution
Critical | CVSS v3 >= 9.0 | Must be fixed within 90 days of being reported and CVSS scored.
High     | CVSS v3 >= 7.0 | Must be fixed within 90 days of being reported and CVSS scored.
Medium   | CVSS v3 >= 4.0 | Must be fixed within 90 days of being reported and CVSS scored.
Low      | CVSS v3 < 4.0  | Must be fixed within 180 days of being reported and CVSS scored.

Vulnerability and Release Management

Izymes follows formal software development, release, deployment and operations practices as outlined in AICPA/SOC guidelines.

We use our own Workzone for Bitbucket app to implement the SDLC process.

Development process

  1. A formal feature, bugfix or hotfix ticket is created to track progress.
  2. The development team uses the git flow branching model, commits changes and pushes a feature/bugfix branch to the origin of the app repository in Bitbucket (Cloud).
  3. The committer creates a pull request to the main branch.
  4. Workzone adds reviewers and groups based on the changes in the pull request.
  5. The pull request can only be merged by Workzone; no other user is permitted.
  6. Reviewers/groups must approve the pull request based on the configured approval quota.
  7. Once the vulnerability check passes and the approval condition is met, Workzone merges the pull request.

Vulnerability/Security Scan

  1. Snyk for Bitbucket, an automated security and vulnerability checker, performs a security scan that results in a pass or a fail. A fail blocks the open pull request.

Deployment process (cloud apps)

  1. The application build and unit tests are performed in a Bitbucket (Cloud) pipeline.
  2. The app is deployed to the staging environment.
  3. Automated end-to-end UI tests are performed by the Bitbucket pipeline in the staging environment.
  4. The app is deployed to the production environment (manual trigger) via the Bitbucket pipeline.
  5. A manual base test of the production environment is performed, and its results documented, by a team member.