Has your Jira analytics app ever been tested by independent security researchers?

A few months ago, we put SnapMetrics – Real Time Analytics through Atlassian’s Marketplace Bug Bounty Program. Independent security researchers tested the app for vulnerabilities. It passed.

That outcome, combined with meeting Atlassian’s full set of reliability and support requirements, is what earned us the Cloud Fortified badge. We’re not sharing this to boast. We’re sharing it because if you’re evaluating a Jira analytics tool, you deserve to know what’s actually been verified and by whom.

This post explains the Cloud Fortified program, what it actually required from us, what SnapMetrics – Real Time Analytics does, and why we think it’s worth a try.

What Is Cloud Fortified?

Cloud Fortified is Atlassian’s highest-tier trust certification for Marketplace apps. It’s not self-reported; it’s earned by meeting verified requirements across three areas: security, reliability, and support.

Every Marketplace app meets a baseline. Cloud Fortified goes further. The two differentiating requirements are the Bug Bounty Program and the annual Security Self-Assessment; both are opt-in programs that become mandatory at the Cloud Fortified tier.

 

Security

  • Ecoscanner – continuous automated scanning
  • Vulnerability Disclosure Program
  • Marketplace Bug Bounty (opt-in — required for CF)
  • Annual Security Self-Assessment (opt-in — required for CF)
  • Security Bug Fix SLAs
  • Cloud App Security Requirements

Reliability

  • Core capability SLIs & SLOs monitored continuously
  • Pre-release compatibility tests before Jira updates
  • Incident management integrated with Atlassian’s
  • Defined recovery & post-incident improvement process

Support

  • Designated support point of contact
  • Critical (T1) ticket response within 24 hours
  • 5 days a week, local business hours

 

Why this matters for your team

Security and compliance are among the top concerns for IT managers evaluating cloud apps; Atlassian’s own research puts it at 40%. Cloud Fortified gives you a clear, Atlassian-verified answer to the question: has this app been independently tested, and does the partner maintain it responsibly?

 

What the Process Actually Looked Like

Here’s a plain-language breakdown of what earning Cloud Fortified required from us:

On the security side

  • Ecoscanner: Atlassian’s automated platform continuously scans SnapMetrics – Real Time Analytics for common vulnerabilities. Any findings must be resolved within defined SLAs.
  • Vulnerability Disclosure Program: We participate in the program that allows customers and security researchers to report vulnerabilities directly to Atlassian and to us.
  • Bug Bounty Program: We enrolled in the Marketplace Bug Bounty Program, where independent security researchers actively tried to find vulnerabilities in SnapMetrics – Real Time Analytics. The app passed. This is an opt-in program — not all Marketplace apps participate, but it’s required for Cloud Fortified.
  • Annual Security Self-Assessment: We complete a full security assessment every year. Atlassian reviews and approves it. This is another opt-in program that becomes mandatory at the Cloud Fortified tier.

On reliability

  • SLI/SLO monitoring: Core capabilities of SnapMetrics – Real Time Analytics are measured against defined service level indicators and objectives on an ongoing basis.
  • Compatibility testing: We proactively test against upcoming Jira updates to catch breaking changes before they reach you.
  • Incident management: Our incident response process is integrated with Atlassian’s, which means faster recovery when issues occur.

 

On support

  • 24-hour T1 response: If SnapMetrics – Real Time Analytics is preventing you from working, you will hear from us within 24 hours, 5 days a week during local business hours. This is a contractual commitment, verified by Atlassian.

 

Standard Marketplace App vs. Cloud Fortified: The Actual Difference

A lot of good apps on the Marketplace aren’t Cloud Fortified; that doesn’t make them untrustworthy. But if you’re deciding between apps, here’s what the badge tells you:

 

| Requirement | Standard App | Cloud Fortified |
|---|---|---|
| Bug Bounty participation | Optional | ✓ Required |
| Annual Security Self-Assessment | Optional | ✓ Required |
| Ecoscanner monitoring | ✓ All apps | ✓ Required |
| Vulnerability Disclosure Program | ✓ All apps | ✓ Required |
| Core capability SLOs | Not required | ✓ Required |
| Host product compatibility tests | Not required | ✓ Required |
| Atlassian-integrated incident mgmt | Not required | ✓ Required |
| 24hr T1 support response | Not required | ✓ Required |

 

The short version: standard Marketplace apps meet Atlassian’s baseline. Cloud Fortified apps have been tested further: active bug bounty, annual self-assessment, reliability SLOs, and support SLAs that Atlassian verifies.

What SnapMetrics – Real Time Analytics Actually Does

For those new to the app: SnapMetrics – Real Time Analytics is a real-time performance tracking and analytics tool for Jira, built on Atlassian’s Forge platform.

The core idea is that Jira captures a lot of valuable data as your team works: status changes, transitions, assignments, time logs. SnapMetrics – Real Time Analytics makes that data immediately visible and actionable. No spreadsheet exports, no waiting for a scheduled report. You define the metrics you actually care about, and you see them live.

 

SnapMetrics – Real Time Analytics: Reports & Features

| Report / Feature | What it does |
|---|---|
| KPI Report | Define and track custom KPIs on the fly, no admin required. Time in Status, Transition Time, Transition User, Parent/Linked Issue Field, and more. Export to Excel or PDF in one click. |
| Time by Status | See exactly how long issues spend in each status. Filter live by project, assignee, or calendar. Pinpoint where work stalls before it becomes a blocker. |
| Time by Assignees | Visualize and compare time distribution across team members. Spot imbalances and keep everyone’s queue healthy. |
| Worklog Report & Analysis | Break down logged time by user, issue, epic, component, and fix version. Slice by day, week, month, or quarter. |
| Custom Calendars | Define working hours, time zones, and holidays for accurate, context-aware reporting. |
| Basic & JQL Search | Filter issues the same way you do in Jira: familiar, fast, flexible. |
| Saved Filters | Save report configurations and reuse them instantly. |
| Export (Excel & PDF) | One-click export for all reports. Share with stakeholders who don’t live in Jira. |

 

Define your own metrics — not just the pre-built ones

One thing that sets SnapMetrics – Real Time Analytics apart is the flexibility of its metric system. No admin setup is required: anyone on the team can create a custom metric based on the events and data points that matter most to their workflow:

 

Metric Types You Can Define

| Metric Type | What it measures |
|---|---|
| Time in Status | Total time an issue spent in a specific status. Core for cycle time and SLA tracking. |
| Time Between Events | Elapsed time between any two tracked events: lead time, response time, custom flow metrics. |
| Transition Time | How long a status-to-status transition takes. Surfaces bottlenecks with precision. |
| Transition User | Which user performed a given transition. Useful for workload audits. |
| Status Date / Status User | Exact date and user for each status entry. |
| Attachment & Comment tracking | Date and user for file attachments and comments. |
| Parent Issue Field | Pull field values from parent issues into child-level metrics. |
| Linked Issue Field | Pull data from linked issues for relational analysis across epics or dependencies. |

Live tracking and historical data work together: SnapMetrics – Real Time Analytics handles both day-to-day operational visibility and longer-term trend analysis. Sprint-by-sprint delivery velocity, team capacity over quarters, workflow bottleneck patterns that only emerge over time: it’s all in one place.

Why We’re Sharing This

We know the Atlassian Community evaluates apps carefully, and rightly so. When you install a third-party app, you’re extending trust to a partner you may not know much about. We wanted to be transparent about what we’ve done to earn that trust, not just claim it.

If you’re using SnapMetrics – Real Time Analytics and have feedback, we want to hear it. If you’re considering it, feel free to drop questions below; we’re active here and respond to every comment. And if you’ve been through the Cloud Fortified process yourself, we’d genuinely love to compare notes.

 

Questions about the app, the Cloud Fortified requirements, or anything else? Reply below or reach us through our Marketplace listing.

 

Want to give it a try?

Install and try SnapMetrics – Real Time Analytics on Atlassian Marketplace.

→ Find us on Atlassian Marketplace

 
