An open-source Atlassian plugin that provides comprehensive monitoring and audit trails for ScriptRunner Console usage in Jira DataCenter environments.
ScriptRunner Console Monitor eliminates the compliance blind spot created by ScriptRunner's powerful administrative capabilities. When administrators execute scripts to process sensitive data, modify permissions, or perform bulk operations, this plugin captures every action with forensic precision, providing complete audit trails that satisfy enterprise compliance requirements.
Explored in our two-part blog series:
- Part 1: ScriptRunner Console Monitoring: The Hidden Security Gap in Your Jira Environment - Examines why ScriptRunner Console monitoring represents a hidden security vulnerability and explores compliance implications
- Part 2: Introducing ScriptRunner Console Monitor: Your Compliance Enabler - Introduces this open-source solution that transforms compliance challenges into competitive advantages
- Complete Execution Tracking: Captures who, when, where, and what for every ScriptRunner Console execution
- Dual Script Support: Monitors both inline scripts and file-based script executions
- Security Intelligence: Identifies administrative operations, sensitive keywords, and potential security risks
- Audit-Ready Logs: Structured logging format ready for SIEM integration and compliance reporting
- Zero Disruption: Lightweight design with minimal overhead on ScriptRunner performance
- Enterprise Compatibility: Built for Jira DataCenter 9.12.18+ with backward compatibility
- ISO 27001: Satisfies Clause 12.4.1 event logging requirements
- SOC 2 Type II: Provides access control documentation (CC6.1)
- GDPR: Maintains processing activity records (Article 30)
- SOX: Supports internal controls for financial reporting (Section 404)
- Jira DataCenter: 9.12.18 or higher (tested compatibility)
- Java: JDK 11 or higher
- ScriptRunner for Jira: Any supported version
- Memory: Minimum 2GB heap space recommended for development
- Java Development Kit (JDK): 11 or higher
- Maven: 3.6.0 or higher
- Atlassian SDK: 8.14.3 or higher
- Git: For source code management
The plugin uses only Jira-provided libraries to ensure maximum compatibility:
- Jira API and Core libraries
- Atlassian Spring Scanner (2.2.4)
- Standard Java servlet API
- org.json for JSON parsing (with fallback support)
-
Download the Plugin
git clone https://github.com/ambientiaoy/scriptrunner-console-monitor.git cd scriptrunner-console-monitor -
Build the Plugin
atlas-mvn clean package
-
Deploy to Jira
- Upload the generated JAR file through Jira Administration > Manage Apps
- Or use atlas-run for development testing
-
Install Atlassian SDK
# For macOS with Homebrew brew install atlassian/tap/atlassian-plugin-sdk # For other systems, download from: # https://developer.atlassian.com/server/framework/atlassian-sdk/
-
Verify Installation
atlas-version
-
Clone and Setup
git clone https://github.com/ambientiaoy/scriptrunner-console-monitor.git cd scriptrunner-console-monitor
# Clean and compile
atlas-mvn clean compile
# Run tests (when available)
atlas-mvn test
# Package the plugin
atlas-mvn packageThe built plugin JAR will be available in the target/ directory.
# Start Jira with plugin in development mode
atlas-run
# For quick reload during development
atlas-mvn jira:run
# Package for production deployment
atlas-mvn clean packageThe plugin is configured for:
- Target Jira Version: 9.12.18
- JVM Arguments:
-Xmx2g -Xms2gfor development - Debug Port: 5005 (configurable)
- Quick Reload: Enabled for rapid development
# Build for specific Jira version
atlas-mvn clean package -Djira.version=9.4.0
# Build with custom memory settings
atlas-mvn jira:run -Xmx4g
# Build for production (optimized)
atlas-mvn clean package -Dproduction=trueThe plugin works out-of-the-box with default settings, but can be customized through:
- Log4j Configuration: Adjust logging levels in Jira's logging configuration
- SIEM Integration: Configure log forwarding to your security information system
- Custom Filtering: Modify source code for organization-specific monitoring rules
Add to your Jira logging configuration:
<!-- Enable INFO level for general monitoring -->
<Logger name="fi.ambientia.jira.scriptrunner.monitor.ScriptRunnerMonitorFilter" level="INFO"/>
<!-- Enable DEBUG level for detailed script content logging -->
<Logger name="fi.ambientia.jira.scriptrunner.monitor.ScriptRunnerMonitorFilter" level="DEBUG"/>INFO ScriptRunner Console Usage - User: john.doe (John Doe), IP: 192.168.1.100, Time: 2025-06-16T10:30:00, URI: /rest/scriptrunner/latest/user/exec
INFO File Script executed by john.doe: /opt/jira/scripts/user-management.groovy
WARN AUDIT: User john.doe executed script with administrative operations
This plugin serves as a foundation for enterprise monitoring solutions. For comprehensive implementations including:
- Custom SIEM integrations
- Advanced alerting mechanisms
- Tailored compliance workflows
- Multi-instance monitoring
- Custom security analysis rules
Contact Ambientia's Atlassian specialists for professional consultation and development services.
We welcome contributions to improve the ScriptRunner Console Monitor:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
- Follow existing code style and patterns
- Ensure compatibility with Jira DataCenter 9.12.18+
- Maintain zero external dependencies policy
- Test with both inline and file-based scripts
- Update documentation for new features
This project is licensed under the MIT License - see the LICENSE file for details.
- Community Support: GitHub Issues for bugs and feature requests
- Enterprise Support: Contact Ambientia's Atlassian specialists
- Blogpost: See our blog posts for reference
Ambientia is the leading Atlassian Platinum Solution Partner in the Nordic region, specializing in enterprise Atlassian implementations and compliance solutions. This plugin represents our commitment to advancing Atlassian security capabilities and supporting the enterprise compliance journey.
Transform your ScriptRunner environment from compliance gap to competitive advantage with comprehensive monitoring and expert guidance.