Assess Atlassian Cloud with cnspec
Query and assess Atlassian Cloud Jira, Confluence, and Admin with cnspec
Rely on cnspec to query and assess your Atlassian Cloud resources, including Jira projects and issues, Confluence spaces, Admin organization settings, and SCIM user provisioning.
Prerequisites
To analyze your Atlassian Cloud environment with cnspec, you must have:
- cnspec installed on your workstation
- An Atlassian Cloud account with appropriate access
- API tokens for the Atlassian products you want to query (to learn how to create API tokens, read Manage API tokens for your Atlassian account in the Atlassian documentation)
Configure access to Atlassian
The Atlassian provider supports four products, each with its own authentication. You only need to configure the products you want to scan.
Jira
To scan Jira, provide your Atlassian site host, email address, and API token:
cnspec shell atlassian jira --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKEN| For... | Substitute... |
|---|---|
--host | Your Atlassian site URL (such as https://yoursite.atlassian.net) |
--user | The email address for your Atlassian account |
--user-token | Your Atlassian API token |
You can also set these environment variables instead of passing flags:
ATLASSIAN_HOSTATLASSIAN_USERATLASSIAN_USER_TOKEN
Confluence
Confluence uses the same authentication as Jira:
cnspec shell atlassian confluence --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKENAtlassian Admin
To query Atlassian Admin (organization-level settings), you need an admin API token. To learn how to create one, read Manage an organization with the admin APIs in the Atlassian documentation.
cnspec shell atlassian admin --admin-token YOUR_ADMIN_TOKENYou can also set the ATLASSIAN_ADMIN_TOKEN environment variable.
SCIM
To query SCIM (user provisioning through an identity provider), provide your directory ID and SCIM token:
cnspec shell atlassian scim DIRECTORY_ID --scim-token YOUR_SCIM_TOKENScan Atlassian
To scan your Atlassian Jira environment:
cnspec scan atlassian jira --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKENYou can also create your own policies to meet your specific requirements.
Explore your Atlassian environment
Jira
List all projects:
cnspec> atlassian.jira.projects
atlassian.jira.projects: [
0: atlassian.jira.project name="Engineering"
1: atlassian.jira.project name="Support"
...
]Retrieve project details:
cnspec> atlassian.jira.projects[0] { name key archived private }List users and their account types:
cnspec> atlassian.jira.users { name type }List issues with their status:
cnspec> atlassian.jira.issues { id status project typeName }List groups:
cnspec> atlassian.jira.groupsRetrieve server information:
cnspec> atlassian.jira.serverInfo { baseUrl serverTitle deploymentType }Confluence
List users:
cnspec> atlassian.confluence.usersAdmin
Retrieve organization details:
cnspec> atlassian.admin.organization { name type }List domains:
cnspec> atlassian.admin.organization.domains { name type }List managed users:
cnspec> atlassian.admin.organization.managedUsers { name email status lastActive }List organization policies:
cnspec> atlassian.admin.organization.policies { name policyType status }SCIM
List SCIM-provisioned users:
cnspec> atlassian.scim.users { name displayName title organization }List SCIM groups:
cnspec> atlassian.scim.groupsLearn more
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For a list of all the Atlassian resources and fields you can query, read the Atlassian Resource Pack Reference.