Jira Security Dashboard on a Forge app

Forge Adopting Forge from Connect
,
1

My publicly listed Connect app is a security tool. Meaning it defines a ‘jiraSecurityInfoProvider’ and pushes vulnerabilities to Jira Security Dashboard.

We are now migrating to Forge, and as atlassian docs say - there is no equivalent forge module for connect’s jiraSecurityInfoProvider. link.

My question is - should the Jira Security Dashboard still work on a Forge app that has the connect module jiraSecurityInfoProvider? For example like this manifest.yml snippet:

connectModules:
  jira:jiraSecurityInfoProvider:
    - homeUrl: https://...
logoUrl: "${CONNECT_LOGO_URL}"
documentationUrl: >-...
actions:
    fetchWorkspaces:
        templateUrl: /jira-cloud/v1.0/dashboard/workspaces/fetch
    fetchContainers:
        templateUrl: /jira-cloud/v1.0/dashboard/containers/fetch
    searchContainers:
        templateUrl: /jira-cloud/v1.0/dashboard/containers/search
name:
value: ...
key: "${JIRA_SECURITY_INFO_PROVIDER_KEY}"

When I try to run it this way, I don’t see any workspaces available in the ‘connect containers’ drawer in Jira Security Dashboard and my remote backend doesn’t receive a request for fetchWorkspaces like it did on Connect.

Connect app - recognized as a security tool and I’m able to connect containers.

image
image2553×836 281 KB

Same app, upgraded to Forge using the descriptor above - not recognized with connected containers (even though there are connected containeres), and doesn’t display any workspaces available to connect.

image
image2553×836 255 KB

Furthermore, when I call the api fetchWorkspaces - link, I do see my workspaces linked. So it’s a matter of communication, where Jira doesn’t invoke the fetchWorkspaces action in my remote Connect server.

Should I expect it to work? Is it a matter of misconfiguration? If so, how can I make my Forge app invoke my remote connect backend correctly for this fetchWorkspaces action? and for fetchContainers, searchContainers in the same manner.

Or is this not supported? If so, all Forge apps aren’t able to support the Jira security dashboard? How can I migrate to Forge with this feature not working for customers that will have their app updated?

Any help would be appreciated, Thanks.

2

My app is registered. I can push data. I linked 3 workspaces successfully, and the GraphQL mainSecurityInJiraQuery returns the edges for my provider, BUT the data field for the security-workspace nodes is null. This indicates the internal resolver cannot read the workspace details from a Forge-backed provider. This is why the UI is empty, and it doesn’t even invoke my remote connect backend.

Response:

{
    "data": {
        "devOps": {
            "providersByIds": [
                {
                    "__typename": "DevOpsSecurityProvider",
                    "providerType": "SECURITY",
                    "id": "Mend-Addon-local-Roy-V2",
                    "name": "Mend - royh-local (Dev)",
                    "linkedWorkspaces": {
                        "edges": [
                            {
                                "node": {
                                    "to": {
                                        "id": "ari:cloud:jira:a28d723a-27be-47b5-ad61-95703a34ea98:security-workspace/activation/604a4c2e-d865-4153-8e5a-3fff9007ed58/Mend-Addon-local-Roy-V2/36b4dc53-8a0f-4a4e-bcef-d7655104f0b1",
                                        "data": null
                                    }
                                }
                            },
                            {
                                "node": {
                                    "to": {
                                        "id": "ari:cloud:jira:a28d723a-27be-47b5-ad61-95703a34ea98:security-workspace/activation/604a4c2e-d865-4153-8e5a-3fff9007ed58/Mend-Addon-local-Roy-V2/8a49e1ce-6f08-4e6a-80f9-b26b6ec1a74f",
                                        "data": null
                                    }
                                }
                            },
                            {
                                "node": {
                                    "to": {
                                        "id": "ari:cloud:jira:a28d723a-27be-47b5-ad61-95703a34ea98:security-workspace/activation/604a4c2e-d865-4153-8e5a-3fff9007ed58/Mend-Addon-local-Roy-V2/fe238097-8609-4f69-bd34-6f23fec5730b",
                                        "data": null
                                    }
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "extensions": {
        "gateway": {
            "request_id": "c72fe251-d19a-400c-b4bc-f370f1edd790",
            "trace_id": "c72fe251d19a400cb4bcf370f1edd790",
            "crossRegion": false,
            "edgeCrossRegion": false
        }
    }
}

Please let me know if this is the expected behavior or a bug. And how can I open a support issue for this?