Filter Exposure Guard — Documentation

Filter Exposure Guard is a read-only Jira Cloud security audit of your filters and dashboards. It flags over-broad sharing, deactivated owners, and invalid JQL so you can find exposures before they become incidents. It never changes anything.

Getting started

  1. Install Filter Exposure Guard from the Atlassian Marketplace.
  2. In Jira, open the settings gear, then AppsFilter Exposure Guard. (It is an admin page; you need Jira administrator access.)
  3. It scans automatically on open. Use Rescan to refresh.

Reading the results

The Overview summarises exposure across filters and dashboards:

  • Public — shared openly (highest risk).
  • Org-wide — shared with all logged-in users in your site.
  • Shared — shared with a group, project, or specific users.
  • Private — not shared.

It also flags deactivated owners (filters/dashboards owned by an inactive account) and invalid JQL (broken filters). The Inventory tab lists everything; the Report tab exports a CSV or Markdown audit.

Scope of the audit

The app audits all shared/public filters and dashboards. Items kept private by other users are not visible to Forge apps — and are not an exposure by definition. Owner active/deactivated status is read where available.

Permissions and data

Read-only. Reads filter/dashboard configuration, sharing, JQL, and owner active status. Stores nothing beyond your dismissed-warning preferences; reads no issue content and stores no personal data. See the privacy policy for detail and exact scopes.

Support

Questions or issues: support, or email hello@ariacode.dev.