Close

Marketplace App Trust

Trust, security, reliability and privacy are cornerstones of the relationship between Atlassian customers and our third-party Marketplace Partners.

Marketplace trust programs

Marketplace trust signals exist to help you easily identify apps that have gone above and beyond Atlassian’s general standards to deliver an exceptionally secure and reliable cloud experience. 

 

 

All Cloud apps

Cloud Security Participant

Cloud Fortified

Privacy

App privacy policies

All Cloud apps

Cloud Security Participant

Cloud Fortified

Security

Base cloud app security requirements

All Cloud apps

Cloud Security Participant

Cloud Fortified

Monitored by Atlassian’s app vulnerability scanning platform, Ecoscanner

All Cloud apps

Cloud Security Participant

Cloud Fortified

Participates in Vulnerability Disclosure Program

All Cloud apps

Cloud Security Participant

Cloud Fortified

Additional app security requirements and fix timeframes defined by Atlassian

All Cloud apps

Cloud Security Participant

Cloud Fortified

Participates in Marketplace Bug Bounty Program**

All Cloud apps

 

Cloud Security Participant

Cloud Fortified

Participates in Security Self-Assessment Program

All Cloud apps

(optional)

Cloud Security Participant

(optional)

Cloud Fortified

Reliability

Additional checks for service reliability and performance at scale

All Cloud apps

 

Cloud Security Participant

 

Cloud Fortified

Proactive checks to ensure compatibility with upcoming host product changes

All Cloud apps

 

Cloud Security Participant

 

Cloud Fortified

Incident and review processes integrated with Atlassian’s for faster recovery and continuous improvement

All Cloud apps

 

Cloud Security Participant

 

Cloud Fortified

Support

Commercially reasonable efforts to provide support

All Cloud apps

Cloud Security Participant

Cloud Fortified

24 hour response time, 5 days a week SLA for all T1 tickets**

All Cloud apps

 

Cloud Security Participant

 

Cloud Fortified

** In addition to these trust programs, the Marketplace Partner Program recognizes partners at three levels: Platinum, Gold, and Silver. Partners with these designations satisfy security and support requirements across a range of their apps.

Security programs

Get peace of mind knowing that your data is secure. Our Marketplace security programs hold Marketplace partners to the highest standards for application security. 

Bugcroud logo

Marketplace Bug Bounty Program

Atlassian has a best-in-class marketplace bug bounty program to increase security and trust for all Marketplace apps. Participating Marketplace Partners are able to proactively combat security risks before they arise by incentivizing security researchers to find vulnerabilities. To get a Cloud Fortified or Cloud Security Participant badge, apps must participate in this program.

Code review illustration

Ecoscanner

Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis. With Ecoscanner, Atlassian continuously monitors all Marketplace cloud apps for common security vulnerabilities to ensure the security of our ecosystem.

Apps illustration

Vulnerability Disclosure Program

The Vulnerability Disclosure Program provides another channel for customers or security researchers to report cloud app vulnerabilities to Atlassian and to Marketplace Partners. Atlassian runs this program and defines the parameters so that all cloud apps can mitigate security risks.

Cloud with key in lock

Cloud App Security Requirements

Atlassian has defined a minimum set of requirements that all Marketplace apps must meet. These requirements are mandatory and are aimed at enforcing security best practices across all apps.

Bug with x

Security Bug Fix Policy

In order to ensure the security of all apps in the Atlassian ecosystem, all Marketplace Partners are required to adhere to security bug fix SLAs for any app listed on the Atlassian Marketplace. If a vulnerability is detected, partners are required to address it in a timely manner.

Clipboard with list of names

Security Self-Assessment Program

The Marketplace Self-Assessment Program is a collaboration between Atlassian and app partners to improve security practices for cloud apps. Program participants complete an annual security assessment that Atlassian reviews and approves. To get a Cloud Fortified badge, apps must participate in this program.

App Privacy

The Atlassian Marketplace is committed to ensuring customer information shared with third-party app partners remains private in accordance with government regulations.

Radar icon

App privacy policies

Atlassian ensures that every app partner on the Marketplace has its own individual privacy policy and end-user license agreement on each app listing. Each policy outlines what data an app will collect, how that data is being used, and who will have access to that information.

Lock icon

Personal data privacy

Atlassian keeps customer information private by masking user information in the APIs. All Atlassian Marketplace apps will only have access to personal data that is set by a user to public. Users are given direct control over visibility of their personal data and can chose to restrict access to it at anytime.


Get more visibility into our cloud platform roadmap

We're committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.

Cloud platform roadmap (Track, Plan, and Support)

We’re here and ready to answer all of your questions.

Trust & Security Community

Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.

Atlassian Support

Reach out to one of our highly-trained support engineers to get answers to your most specific security questions. You may find the answers to many of your questions on our pre-filled security questionnaires.