Marketplace App Security
Trust, security, and privacy are cornerstones of the relationship between Atlassian customers and our third-party Marketplace app partners.
Get peace of mind knowing that your data is secure. Our Marketplace security programs hold Marketplace partners to the highest standards for application security.
Marketplace Bug Bounty Program
Atlassian has a best-in-class marketplace bug bounty program to increase security and trust for all Marketplace apps. Participating Marketplace Partners are able to proactively combat security risks before they arise by incentivizing security researchers to find vulnerabilities. To get a Cloud Security Participant badge, apps must participate in this program.
Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis. With Ecoscanner, Atlassian continuously monitors all Marketplace cloud apps for common security vulnerabilities to ensure the security of our ecosystem.
Vulnerability Disclosure Program
The Vulnerability Disclosure Program provides another channel for customers or security researchers to report cloud app vulnerabilities to Atlassian and to Marketplace Partners. Atlassian runs this program and defines the parameters so that all cloud apps can mitigate security risks.
Cloud App Security Requirements
Atlassian has defined a minimum set of requirements that all Marketplace apps must meet. These requirements are mandatory and are aimed at enforcing security best practices across all apps.
Security Bug Fix Policy
In order to ensure the security of all apps in the Atlassian ecosystem, all Marketplace Partners are required to adhere to security bug fix SLAs for any app listed on the Atlassian Marketplace. If a vulnerability is detected, partners are required to address it in a timely manner.
Security Self-Assessment Program
The Marketplace Self-Assessment Program is a collaboration between Atlassian and app partners to improve security practices for cloud apps. Program participants complete an annual security assessment that Atlassian reviews and approves. To get a Cloud Security Participant badge, apps must participate in this program.
App privacy policies
Atlassian keeps customer information private by masking user information in the APIs in accordance with GDPR. All Atlassian Marketplace apps will only have access to personal data that is set by a user to public. Users are given direct control over visibility of their personal data and can chose to restrict access to it at anytime.
Get more visibility into our cloud platform roadmap
We're committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.