Technical Factsheet

This technical factsheet provides an overview of the current state of the application & systems landscape for all CollabSoft apps available on the Atlassian Marketplace, for Server, Data Center and Cloud. It covers all technical aspects of the apps, including development methodologies, change management, system architecture, security and third-party integrations.

Development

All our development is either done in our office located in The Hague, The Netherlands or remotely by CollabSoft staff from their preferred location.

Technology stack

All our apps use React and TypeScript for client-side code. We try to use AtlasKit components and/or an implementation of the Atlassian Design Guide (V3) to ensure a uniform user experience and seamless integration with Atlassian host products.

Our on-premise Server and Data Center compatible apps are built upon the Java-based Atlassian P2 Plugin Framework. The Cloud apps use Node.js and TypeScript with the Express web server.

The proprietary code base is developed and maintained exclusively by CollabSoft, and extended with open source packages via the NPM package manager or the Maven repository. All third-party extensions are reviewed prior to being included in any of our apps.

Development methodology

CollabSoft products are built using an adjusted Agile Scrum methodology fitted for working remotely, with product features being developed in a bi-weekly iteration interval. The priority of user stories and bugs is periodically reviewed with all stakeholders and adjusted if required.

Development tooling

The codebase is version controlled and stored in GitHub. CircleCI is used for Continuous Integration & Continuous Deployment (CI/CD). The backlog & short-term roadmap are administered in Atlassian Jira. Figma is used for creating UI components and prototypes. We use Slack for our developer communications, Status Hero for daily digital standups and Google Workspace for email and collaboration.

Quality assurance

As with any proper implementation of Agile development methodologies, quality assurance is part of our definition of done. The quality assurance process consists of peer reviews, user acceptance testing and automated tests.

Change management

All our apps follow the same Change Management procedure, except for a difference in release strategy for on-premise (Server, Data Center) and hosted (Cloud) apps. User stories and bugs are identified, prioritised and planned for development in one of our bi-weekly sprints. Each story or bug fix is tested individually as part of the definition of done, and a Release Candidate (RC) of the entire set of features is also tested separately.

We use CI with automated test execution. Cloud apps are automatically deployed to a staging environment for testing; Release Candidates of Server and Data Center apps are made available automatically in a Maven repository accessible to our quality assurance team.

Release of Server & Data Center apps

For all self-managed Server and Data Center apps, a new version is released to the Atlassian Marketplace if the Release Candidate passes acceptance testing. Each version includes Release Notes that indicate which changes are part of the release. Updating to the latest version is at the discretion of Jira System Administrators.

Release of Cloud apps

Changes to Cloud apps follow Continuous Delivery and Continuous Deployment best practices, which allow us to increase customer value in the shortest possible development cycle. Our deployments are triggered at the discretion of our developers once the definition of done of one or more user stories has been met.

Incident Management

CollabSoft is part of all the Atlassian Security Programs and adheres to all requirements Atlassian imposes in regard to incident management. In addition, our Customer Support team is available to receive inquiries and incident reports from customers.

We are committed to resolving issues within the time frame required by Atlassian and outlined in the Security Bug Fix Policy.

System architecture (Cloud apps only)

All cloud apps are hosted on Google Cloud Firebase. Additional Google Cloud Platform (GCP) services may be used by different CollabSoft apps (e.g. Cloud Firestore, Cloud Storage, Redis).

Data residency

All data is stored in Cloud Firestore and/or Cloud Storage services in the EU region. See https://cloud.google.com/about/locations#multi-region for more information on the exact location per service.

All Google Cloud Firebase Functions are served from the us-central1 (Iowa) region. All data submitted from the client-side will traverse this location prior to being stored in the EU region. As such, our infrastructure does not transfer any personally identifiable information from the client-side to ensure compliance with GDPR.

Security

CollabSoft participates in the Atlassian Bug Bounty program and is subject to the Atlassian Vulnerability Scanning program EcoScanner.

In addition, a large part of the infrastructure of our cloud apps is operated by Google under shared responsibility. Please refer to https://cloud.google.com/security/ for more information on their security policies.

Access to customer data is limited to authorised personnel only, based on the principle of least privilege. Production data is only accessible using GSuite accounts with industry-standard security policies implemented (password policy, 2FA).

Users can only access the apps using time-limited JSON Web Tokens (JWTs) generated by Atlassian specifically for the app. Atlassian host product authorization and access rights are respected where applicable.

Backup & disaster recovery

All customer data is backed up automatically each hour in a Google Cloud Storage bucket as well as an Amazon Web Services S3 storage bucket. Periodic disaster recovery tests allow us to ensure the integrity of the backups.