Tamper-evident audit evidence for Jira

Hosted in Europe
ECDSA P-256 signing
RFC 3161 timestamps
Hash-chained
Offline-verifiable

Three apps, one cryptographic backbone

A connected suite on the Atlassian Marketplace. Same hash-chained backend, same offline verifier, three increasingly senior workflows.

Available

Tamper-Evident Audit Log

Every Jira event signed with ECDSA P-256, RFC 3161 timestamped, hash-chained, and offline-verifiable. Free on the Marketplace.

See the Audit Log →

In development

GitHub Evidence Pack

Bundle PRs, reviews, CI runs, and deployments into a signed evidence ZIP per milestone — for change-management auditors.

See Evidence Pack →

In development

Signed Approvals

Replace ad-hoc Jira approvals with cryptographically-signed, dual-signature workflows bound to the right approver.

See Signed Approvals →

How it works

Four steps. Every Jira event runs through the same pipeline, producing evidence that anyone can verify offline.

Four-step pipeline: Capture every Jira event, sign with ECDSA P-256, timestamp via RFC 3161, verify offline in any browser

What you see in Jira

Every issue gets a signed history panel; every project gets an admin page with chain status, retention, and the export button.

Attestsys signed-history panel on a Jira issue: an activity feed with chain status and a row expanded inline to show the entry's trust footprint — Per-issue signed history panel

Attestsys admin page in a Jira project showing chain INTACT status, retention summary, recent activity, and the Download Evidence Bundle button — Workspace admin page

See it for yourself — no install, no account

Verify a real signed bundle right here. Hit Verify the sample bundle and watch every signature, chain link, and RFC 3161 timestamp check pass — or drop your own export ZIP in. It runs entirely in your browser; we never see your data.

Download the sample bundle (63 KB)Open full-screen ↗

Verifying your own export runs entirely in your browser and makes zero network requests. “Verify the sample” downloads our 12-entry demo bundle so you can watch every signature, chain link, and RFC 3161 timestamp check pass.

What paid editions add

Every edition ships the full cryptographic stack — signing, hash chain, and RFC 3161 timestamps. Paid editions add the automation that makes evidence collect itself, all on the same Jira admin page.

Attestsys admin Tamper alerts section: a Slack channel marked ACTIVE with a 'Test alert sent' confirmation banner and a provider selector for Slack or Microsoft Teams — Continuous verification with Slack & Teams tamper alerts (Standard and up)

Attestsys Scheduled exports section: Google Drive and OneDrive both shown as connected, with a daily schedule that delivers signed evidence bundles to the cloud — Scheduled evidence exports delivered to Google Drive & OneDrive (Advanced)

Attestsys 'Your plan' card on an Advanced tenant listing the included features: unlimited retention, unlimited exports with scheduled cloud delivery, and RFC 3161 timestamping on every entry — Feature-limited, never crypto-limited — every edition keeps full signing and timestamps

Start free. Upgrade for longer retention, scheduled evidence exports, and a feed straight into your GRC tools.

The free tier ships with the full cryptographic stack intact: ECDSA P-256 signing, RFC 3161 timestamping, hash chain, offline verification. No card required. Paid editions add unlimited retention, scheduled exports delivered straight to Google Drive or OneDrive, continuous chain verification with Slack or Teams tamper alerts, a daily EU-qualified anchor, and signed-evidence delivery to Drata and Vanta — so compliance evidence collects itself.

Install free on the Atlassian Marketplace Read the documentation