Close

Marketplace App Trust

Trust is a key component of the relationship between Atlassian customers and our third-party Marketplace Partners.

Venn Diagram spot

Cloud apps are a shared responsibility

Atlassian provides information, controls and capabilities, while facilitating communication between you and Marketplace Partners.

Marketplace Partners

Marketplace partners design apps and operational processes according to their legal obligations, Atlassian’s requirements, and general industry best practices for reliable, compliant, and secure apps. They also provide support and information to help you make informed decisions.

Atlassian

Atlassian provides information and capabilities to help Marketplace Partners build trustworthy apps and to help customers vet and manage apps.

You

You leverage the information provided by Atlassian and Marketplace Partners to vet apps against your requirements. It’s important to acknowledge that app installation requires a new relationship with a Marketplace Partner that is separate from your relationship with Atlassian.

Atlassian’s approach to supporting customers and partners

Data protection support for Marketplace Partners

Atlassian has programs, tools, educational resources, and requirements in place to help third parties protect your data when you extend your workflows with Marketplace apps.

In the event that partners aren't meeting our requirements, we may take actions like removing badges, hiding apps from the Marketplace, pausing them, or adding them to a public transparency page.

Setting a privacy & security baseline

Our Marketplace programs help Marketplace Partners achieve the highest consistent standards for application security and privacy.

Cloud Security spot

Setting a security baseline with requirements

Atlassian has defined a minimum set of Cloud App Security requirements that all Marketplace apps must meet. These requirements are mandatory and are aimed at enforcing security best practices across all apps.

Code review illustration

Maintaining security through continuous scanning

Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis to help ensure the security of our ecosystem.

If an app is found to be missing a security requirement, Atlassian will take action to protect customers.

Bug logo

Timely resolution of security issues

To ensure the security of all Marketplace cloud apps, Marketplace Partners are required to adhere to security bug fix SLAs. If a vulnerability or missing security requirement is detected in any app listed on the Marketplace, partners are required to respond in a timely manner.

Bugcroud logo

Enhanced vulnerability discovery via opt-in Bug Bounty program

Atlassian has a best-in-class marketplace bug bounty program to increase security and trust. Participating Marketplace Partners are able to proactively combat security risks before they arise by incentivizing security researchers to find vulnerabilities. While the program is generally optional, apps must participate to get a Cloud Fortified or Cloud Security Participant badge.

Security Practices spot

Ensuring transparency through privacy requirements

Apps are required to provide a privacy policy that outlines data access, collection and processing, and with whom and where End User Data might be shared or stored.

In addition to a privacy policy, Atlassian requires partners to obtain all necessary rights, permissions, and consents from end users for any processing of any End User Data.

Administrative visibility & control for customers

Get the information you need to choose apps that fit your requirements thanks to centralized app information on Atlassian Marketplace.

Plus, leverage controls to ensure only apps you trust have access to the data they need.

We support this through:
Checkmark icon

Centralized app administration in admin.atlassian.com

Checkmark icon

Controls for end user app installs

Checkmark icon

Controls to limit app access to selected content (coming soon)

Checkmark icon

Privacy & Security tab on Atlassian Marketplace

Checkmark icon

Required privacy policies on each Marketplace app listing

Helping you safely power-up your workspace with apps

In addition to trust badges, we’re constantly working with partners to bring you more app information on admin.atlassian.com and the Marketplace. To learn more about an app before installing, you can:

step 1

Start with the Privacy & Security tab on the app’s listing.

This should include partner-provided information about how an app handles data, its permissions, compliance certifications, security details, privacy information and more.

step 2

Visit the app’s privacy policy.

Partners are required to provide a privacy policy that details their app’s data access and use on their Marketplace app listing. If you can’t find what you need on the Privacy & Security tab, try the privacy policy or documentation.

step 3

Check the partner’s website.

Some partners have their own comprehensive trust centers, which can provide detailed information about the company and app.

step 4

Reach out to the partner directly.

You can find support contacts on the app listing, but this may not always be the right contact for security questions. Check the security contact listed directly on the Privacy & Security tab to save time.

step 5

Sign up for new version updates.

Or check the Connected Apps tab on admin.atlassian.com for apps with an update available so you can stay up to date on app changes.

Find apps that are going the extra mile to protect your data and workflows

On the Atlassian Marketplace, you may notice that some apps have a Cloud Security Participant or Cloud Fortified badge. These badges help you easily identify apps that have gone above and beyond Atlassian’s general standards to deliver a secure and reliable cloud experience.

The requirements for each badge are as follows:

 

 

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

Privacy

App privacy policies

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

Security

Base cloud app security requirements

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

Monitored by Atlassian’s app vulnerability scanning platform, Ecoscanner

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

Additional app security requirements and fix timeframes defined by Atlassian

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

Participates in Marketplace Bug Bounty Program

All Cloud apps

 

Cloud Security Participant apps

Cloud Fortified apps

Has a complete Privacy & Security tab

All Cloud apps

(optional)

Cloud Security Participant apps

(optional)

Cloud Fortified apps

Reliability

Additional checks for service reliability and performance at scale

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified apps

Incident and review processes integrated with Atlassian’s for faster recovery and continuous improvement

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified apps

Support

Commercially reasonable efforts to provide support

All Cloud apps

Cloud Security Participant apps

Cloud Fortified apps

24 hour response time, 5 days a week SLA for all T1 tickets

All Cloud apps

 

Cloud Security Participant apps

 

Cloud Fortified apps

Trust & Security Community

Join the Trust & Security group on the Atlassian Community to receive information, tips, and best practices for using Atlassian products in a secure and reliable way.