Security and Trust
Git Integration for Jira was an original Atlassian Marketplace launch partner (May 2012), and over 10,000 companies have put their trust in it. We take data security seriously and work constantly on programs and procedures that keep our applications secure.
Atlassian Marketplace Platinum Partner
This program recognizes partners who closely align with Atlassian’s strategy, make investments into the platform, and meet enhanced requirements. As a Platinum Partner, Git Integration for Jira is held to the highest standards for support SLAs and security programs.
SOC 2 Certified
Git Integration for Jira engages an independent third party auditor to verify our data security policies and procedures. By achieving a SOC 2 Type II designation each year, we demonstrate an organization-wide commitment to the proper handling of data and system access. The full report is available upon request (after signing our NDA).
Cloud Fortified
Cloud Fortified designates the ability of a marketplace app to serve large customers and those with business-critical operating requirements. Cloud Fortified apps offer additional security, reliability, and support through cloud security participation, reliability checks, and a 24hr support response time.
Bug Bounty Program
One of the most powerful ways to detect vulnerabilities in production is with a bug bounty program. Our program started in 2020 and continues with market leader Bugcrowd. All researcher submissions are reviewed by the Bugcrowd Application Security Engineering (ASE) team, scored, and then addressed by our operations and development teams. Download the latest report.
US, EU and Australia Data Residency
We continue to invest in supporting our customers who prefer to host their data in different locations. Jira Cloud customers currently have the option to have all of their data stored exclusively in the US, EU, or Australia.
Security
- Peer code reviews required
- Automatic static code analysis scanning
- Source code dependency scanning
- Regular development security training (threat modeling, SSRF, XSS, etc.)
- Company-wide security awareness training
- Multi-factor authentication required for core systems
- Full participation in Bugcrowd Bug Bounty program.
- We host all Jira Cloud applications on Amazon Web Services (AWS):
  - Global (hosted in AWS Northern Virginia)
  - US (hosted in AWS Ohio)
  - EU (hosted in AWS Ireland)
  - DE (hosted in AWS Frankfurt)
  - AUS (hosted in AWS Sydney)
  - SG (hosted in AWS Singapore)
- Data in transit is encrypted using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS)
- Data at rest is encrypted using industry-standard AES-256 encryption
- We are Cloud Fortified, offering additional security, reliability and support through:
  - Cloud security participation
  - Reliability checks
  - 24hr support response time
  - and more
- Full participation in Bugcrowd Bug Bounty program.
- Git Integration for Jira Server + Data Center runs on your self-hosted Jira.
- Secured by your Jira and security professionals.
- Jira administrators can configure project permissions.
- Git Integration honors Jira group/user permissions.
- Regular internal security reviews.
- Periodic engagements with external security professionals on audits and external testing for SQL injection, server-side request forgery, and other attacks.
Reliability
- Over 10,000 companies use Git Integration for Jira products.
- Built on Amazon Web Services.
- View service status and uptime as well as incidents and maintenance at Git Integration Cloud status
- Encrypted data backups performed hourly/daily.
- Regular updates (approximately weekly) in the Atlassian Marketplace for licensed customers.
- Monthly updates in the Atlassian Marketplace for licensed customers.
- Jira Compatibility releases in tandem with Atlassian Jira releases.
- Only officers of GitKraken and senior members of the GitKraken Operations Team have access to production systems.
- CAIQ-Lite report shared with Atlassian Marketplace Security team
- SOC 2 security certification and report available. Contact [email protected] for the report.
- Git data hosted by customer.
- No “phone home” mechanisms.
- For Jira Server / Data Center only: GitKraken does not collect, process, nor store any data from your self-hosted Jira instance. All Git Integration for Jira data is stored on your servers and databases. All Git Integration for Jira app activities are performed in your environment which you control. No entities (including GitKraken) are granted access to any data stored on the Jira Server or Jira Data Center instance through the Git Integration for Jira app.
Data Management
- We have the capability to recover data for a specific customer in the case of a failure or data loss.
- Data deleted by Jira admins and Jira users is deleted immediately.
- Data for cancelled accounts is retained for 7 days.
- Retention of backups: 7 days.
- Production data never hosted outside of production AWS account.
- Each customer’s data is kept logically segregated from other tenants when at-rest.
- Any requests that are processed by Jira have a “tenant-specific” view so other tenants are not impacted.
- Git Integration for Jira supports the following Atlassian Data Residency compatible locations:
  - United States
  - European Union
  - Germany
  - Australia
  - Singapore
- Git data is hosted on the Jira server or Jira Data Center nodes.
- Jira administrators control git data via repository and git server integrations.
- Access to Jira server can be controlled via Jira user/group administration.
- Access to Jira server can be restricted via network access (example: require VPN).