Query Atlassian Cloud with cnspec
Query Atlassian Cloud Jira, Confluence, Admin, and SCIM with cnspec.
Query and explore your Atlassian Cloud resources with cnspec, including Jira projects and issues, Confluence spaces, Admin organization settings, and SCIM user provisioning. Use the Atlassian provider inside your own policies to enforce checks against Jira, Confluence, or directory data.
Prerequisites
To query Atlassian Cloud with cnspec, you must have:
- cnspec installed on your workstation
- An Atlassian Cloud account with appropriate access
- API tokens for the Atlassian products you want to query (to learn how to create API tokens, read Manage API tokens for your Atlassian account in the Atlassian documentation)
Authenticate
The Atlassian provider supports four products, each with its own authentication. You only need to configure the products you want to query.
Jira
Provide your Atlassian site host, email address, and API token:
cnspec shell atlassian jira --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKEN| Flag | Value |
|---|---|
--host | Your Atlassian site URL (such as https://yoursite.atlassian.net) |
--user | The email address for your Atlassian account |
--user-token | Your Atlassian API token |
You can also set these environment variables instead of passing flags:
ATLASSIAN_HOSTATLASSIAN_USERATLASSIAN_USER_TOKEN
Confluence
Confluence uses the same authentication as Jira:
cnspec shell atlassian confluence --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKENAtlassian Admin
To query Atlassian Admin (organization-level settings), you need an admin API token. To learn how to create one, read Manage an organization with the admin APIs in the Atlassian documentation.
cnspec shell atlassian admin --admin-token YOUR_ADMIN_TOKENYou can also set the ATLASSIAN_ADMIN_TOKEN environment variable.
SCIM
To query SCIM (user provisioning through an identity provider), provide your directory ID and SCIM token:
cnspec shell atlassian scim DIRECTORY_ID --scim-token YOUR_SCIM_TOKENApply a custom policy
Mondoo doesn't ship a default Atlassian policy. Pass your own with --policy-bundle:
cnspec scan atlassian jira --host https://example.atlassian.net --user your@email.com --user-token YOUR_USER_TOKEN \
--policy-bundle my-atlassian-policy.mql.yamlExplore your Atlassian environment
Jira
List all projects:
cnspec> atlassian.jira.projects
atlassian.jira.projects: [
0: atlassian.jira.project name="Engineering"
1: atlassian.jira.project name="Support"
...
]Retrieve project details:
cnspec> atlassian.jira.projects[0] { name key archived private }List users and their account types:
cnspec> atlassian.jira.users { name type }List issues with their status:
cnspec> atlassian.jira.issues { id status project typeName }List groups:
cnspec> atlassian.jira.groupsRetrieve server information:
cnspec> atlassian.jira.serverInfo { baseUrl serverTitle deploymentType }Confluence
List users:
cnspec> atlassian.confluence.usersAdmin
Retrieve organization details:
cnspec> atlassian.admin.organization { name type }List domains:
cnspec> atlassian.admin.organization.domains { name type }List managed users:
cnspec> atlassian.admin.organization.managedUsers { name email status lastActive }List organization policies:
cnspec> atlassian.admin.organization.policies { name policyType status }SCIM
List SCIM-provisioned users:
cnspec> atlassian.scim.users { name displayName title organization }List SCIM groups:
cnspec> atlassian.scim.groupsLearn more
- Atlassian Resource Pack Reference: every Atlassian resource and field cnspec can query
- Write Effective MQL: guide to authoring checks and queries