Integrate Jira, Slack, GitHub, GitLab, Google and more.
ScriptRunner Connect, previously Advanced Automations, is a code-based integration platform that enables you to script your solution and connect apps within an assisted coding environment to automate workflows, keep data aligned across apps, as well as move data from one app to another.
Automate, sync or migrate objects in your boards, such as items, users, tags, tables and more.
Why we think you’ll love ScriptRunner Connect
Control and flexibility: The power of scripting in JavaScript gives you the flexibility needed to define the exact business logic for your integration challenge.
Assisted coding environment: Pre-built managed connectors automatically manage the authentication process for you and detailed scripting templates help you get started more quickly.
Team alignment: Ensure the same single source of truth is made available to all of your teams and collaborate easily with co-workers and/or clients by working on integrations together.
Designed for scale: Integrate monday.com, Jira, Confluence, ServiceNow, Zendesk, Salesforce, Azure DevOps, GitLab, GitHub, Microsoft 365, Google Sheets, Google Calendar, Slack and more… or connect to any app that has a web-based REST API for near unlimited scale.
Secure and reliable: Rely on the expertise of the teams behind ScriptRunner with 40,000+ installations worldwide with GDPR, ISO 27001 and SOC Type 2 compliance.
No more re-familiarising yourself with UI after UI. No more inefficient single use case solutions or user-based pricing. Connect all of your apps using ScriptRunner Connect, with a usage-based pricing model to save you time and money from day one.
Are you ready to swap your myriad of integration tools for a single integration platform?
ScriptRunner is the market leader when it comes to stretching Jira and Confluence, and we’re now applying the same teams and technology to monday.com.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
No
Does the app protect against mass parameter assignment attacks?
Yes
SRC backend does not make use of models that would accept parameters that are not designed to be sent from the frontend. And our monday app page N/A as it is frontend only with no backend.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
In our monday app page we don’t accept any user supplied parameters. We use react and all parameters are sanitized. SRC was recently penetration tested by a CREST certified vendor, no attack surfaces related to CSRF were found.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
In our monday app page, the application doesn't rely on any server-side processing and solely operates within monday's iframe, utilizing only the monday.com SDK to make requests, it is inherently secure against CSRF. SRC was recently penetration tested by a CREST certified vendor, no attack surfaces related to CSRF were found.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
As ISO 27001 compliant product we adhere to the Adaptavist Group incident management process. Incident is reported to customers affected as soon as possible, maximum within 72 hours. Incident is reported to [email protected] as soon as possible, within 24 hours. If Adaptavist is controller to the information breached (not only processor) regulatory authorities are notified, same time limits apply. As an ISO 27001 certified Adaptavist Group has a group level incident process and a deticated Breach Process.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
In our monday app page it's manually at the time of publishing a new version of app. When we lead the user to ScriptRunner Connect (SRC), makes use of serverless technologies, hence the patching of operating systems and other software on these levels are the responsibility of the serverless service vendor. SRC does utilize vulnerability scanning for third party software dependencies. All vulnerabilities regardless of their criticality are attended immediately after the discovery.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Yes
Adaptavist is Soc2 compliant
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
When the information is sent to any tracing tool (Sentry and Segment) the information is pseudo-anonymised. Therefore, only the user or account ID is sent, and all the information that can be sensitive is discarded or hidden. PII data is anonymised and secrets are not logged.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Strict access controls are in place to ensure that the user can only access the data that they have access to.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
MFA is enforced
Does the developer protect access to customer data based on the principle of least privilege?
Yes
In general, various people within the Adaptavist Group may need access to the information that you provide us. They may need this for technical, commercial or compliance reasons, and this will be done in accordance with Adaptavist Group’s internal access control policy. On SRC, access to customer data is highly restricted for SRC team only.
Reviews
May 3, 2024
CC: Very difficult to use. Hard to understand
January 30, 2024
ME: Awesome
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000378,
"description": "<p>ScriptRunner Connect, previously Advanced Automations, is a <strong>code-based integration platform </strong>that enables you to script your solution and connect apps within an assisted coding environment to automate workflows, keep data aligned across apps, as well as move data from one app to another. </p><p><br></p><p>Automate, sync or migrate objects in your boards, such as items, users, tags, tables and more.</p><p><br></p><p><strong>Why we think you’ll love ScriptRunner Connect</strong></p><p><br></p><ul><li><strong>Control and flexibility: </strong>The power of scripting in JavaScript gives you the flexibility needed to define the exact business logic for your integration challenge. </li><li><strong>Assisted coding environment: </strong>Pre-built managed connectors automatically manage the authentication process for you and detailed scripting templates help you get started more quickly.</li><li><strong>Team alignment: </strong>Ensure the same single source of truth is made available to all of your teams and collaborate easily with co-workers and/or clients by working on integrations together.</li><li><strong>Designed for scale: </strong>Integrate monday.com, Jira, Confluence, ServiceNow, Zendesk, Salesforce, Azure DevOps, GitLab, GitHub, Microsoft 365, Google Sheets, Google Calendar, Slack and more… or connect to any app that has a web-based REST API for near unlimited scale. </li><li><strong>Secure and reliable:</strong> Rely on the expertise of the teams behind ScriptRunner with 40,000+ installations worldwide with GDPR, ISO 27001 and SOC Type 2 compliance.</li></ul><p><br></p><p>No more re-familiarising yourself with UI after UI. No more inefficient single use case solutions or user-based pricing. Connect all of your apps using ScriptRunner Connect, with a usage-based pricing model to <strong>save you time and money from day one</strong>. </p><p><br></p><p>Are you ready to swap your myriad of integration tools for a single integration platform?</p><p><br></p><p><strong>ScriptRunner</strong> is the market leader when it comes to stretching Jira and Confluence, and we’re now applying the same teams and technology to monday.com.</p><p><br></p><p><strong>See ScriptRunner Connect in action! </strong><a href=\"https://meetings.hubspot.com/bobby-bailey\" rel=\"noopener noreferrer\" target=\"_blank\">Schedule a demo</a></p>",
"short_description": "Integrate Jira, Slack, GitHub, GitLab, Google and more.",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Strict access controls are in place to ensure that the user can only access the data that they have access to."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "In our monday app page it's manually at the time of publishing a new version of app. When we lead the user to ScriptRunner Connect (SRC), makes use of serverless technologies, hence the patching of operating systems and other software on these levels are the responsibility of the serverless service vendor. SRC does utilize vulnerability scanning for third party software dependencies. All vulnerabilities regardless of their criticality are attended immediately after the discovery."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "As ISO 27001 compliant product we adhere to the Adaptavist Group incident management process. Incident is reported to customers affected as soon as possible, maximum within 72 hours. Incident is reported to [email protected] as soon as possible, within 24 hours. If Adaptavist is controller to the information breached (not only processor) regulatory authorities are notified, same time limits apply. As an ISO 27001 certified Adaptavist Group has a group level incident process and a deticated Breach Process."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "In our monday app page, the application doesn't rely on any server-side processing and solely operates within monday's iframe, utilizing only the monday.com SDK to make requests, it is inherently secure against CSRF. SRC was recently penetration tested by a CREST certified vendor, no attack surfaces related to CSRF were found."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "In our monday app page we don’t accept any user supplied parameters. We use react and all parameters are sanitized. SRC was recently penetration tested by a CREST certified vendor, no attack surfaces related to CSRF were found."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "In general, various people within the Adaptavist Group may need access to the information that you provide us. They may need this for technical, commercial or compliance reasons, and this will be done in accordance with Adaptavist Group’s internal access control policy. On SRC, access to customer data is highly restricted for SRC team only."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "MFA is enforced"
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "When the information is sent to any tracing tool (Sentry and Segment) the information is pseudo-anonymised. Therefore, only the user or account ID is sent, and all the information that can be sensitive is discarded or hidden. PII data is anonymised and secrets are not logged."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "SRC backend does not make use of models that would accept parameters that are not designed to be sent from the frontend. And our monday app page N/A as it is frontend only with no backend."
},
{
"questionId": 10,
"shortAnswer": false
},
{
"questionId": 11,
"shortAnswer": true
},
{
"questionId": 12,
"shortAnswer": true,
"detailedAnswer": "Adaptavist is Soc2 compliant"
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": true,
"detailedAnswer": "SRC aims to be penetration tested once per year"
}
],
"badges_data": {
"acquisition_source": "Touch",
"app_values": [
"Popular with Dev users"
],
"pricing_data": "Free",
"security": true
},
"data": {
"terms_of_service_url": "https://www.adaptavist.com/terms-and-conditions"
},
"keywords": "Scripting,advanced automations,JavaScript, Cross-board,Integrate,Migrate,Sync,Jira,Slack,Microsoft",
"thumbnail_url": null,
"logo_url": "https://cdn.monday.com/marketplace/10000378/10000378_2024_10_1_11_10_59_m9fi93lh.png",
"feedback_url": "https://scriptrunnerconnect.nolt.io/top",
"privacy_policy_url": "https://www.adaptavist.com/privacy-policy",
"external_pricing_url": null,
"featured": null,
"security": true,
"display_in_template_store": null,
"acquisition_source": "Touch",
"terms_of_service_url": "https://www.adaptavist.com/terms-and-conditions",
"label": null,
"app_values": [
"Popular with Dev users"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1704380507/monday-apps-marketplace/Advanced%20Automations/image-20231122-102134.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1704380507/monday-apps-marketplace/Advanced%20Automations/image-20231122-102124.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1704380507/monday-apps-marketplace/Advanced%20Automations/image-20231122-102117.png"
}
],
"pricing_data": "Free",
"marketplace_developer_id": 10000154,
"app_id": 10040179,
"marketplace_category_ids": [
10000000,
7,
6
],
"name": "ScriptRunner Connect",
"app_scope_str": "me:read,boards:read,boards:write,workspaces:read,workspaces:write,users:read,users:write,account:read,notifications:write,updates:read,updates:write,assets:read,tags:read,teams:read,webhooks:write,webhooks:read,docs:read,docs:write",
"app_client_id": "4c42ead0d694bfc6d82adc365efd47bb",
"app_color": {
"hsl": {
"h": 9.921259842519607,
"s": 0,
"l": 1,
"a": 1
},
"hex": "#ffffff",
"rgb": {
"r": 255,
"g": 255,
"b": 255,
"a": 1
},
"hsv": {
"h": 9.921259842519607,
"s": 0,
"v": 1,
"a": 1
},
"oldHue": 9.921259842519607,
"source": "rgb"
},
"created_at": "2024-01-08T14:06:31.964Z",
"updated_at": "2024-11-05T14:06:37.002Z",
"how_to_use_url": "https://docs.adaptavist.com/aa/latest",
"automation_app_id": null,
"plans": [
{
"id": "10040179-1-free",
"appId": 10040179,
"appPlanId": "free",
"versionId": 1,
"versionState": "live",
"name": "Free",
"description": "Free plan",
"extraData": {
"bullets": [],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 0,
"yearly": 0
}
}
],
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2025-03-04T10:52:04Z",
"id": 10612349
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}
