Hi @Gary Weber ,
Generally, some of these info can be found here: Trust Center
Although the linked hub is mostly focused on cloud rather than on-prem solutions such as Sourcetree.
I've never actually explored to details trust and security topics around Sourcetree... Here's a purely AI-generated answer:
Architecture and Technology Stack
Sourcetree is a desktop client application (available for Windows and macOS) rather than a cloud-hosted service, which means its "deployment" is local to your workstations.
Architecture & Protocols: Sourcetree interfaces with Git and Mercurial repositories using standard protocols like HTTPS and SSH. For enterprise environments, we offer an MSI installer for Windows to support managed deployments at scale.
Technology Stack: As a native desktop application, the stack varies by OS (e.g., .NET for Windows and Swift/Objective-C for macOS). Detailed version tables for internal components are not typically public, but you can find general product boundaries in our System Security Plan.
Threat Modeling and Security Risks
Atlassian maintains a rigorous security program that includes threat modeling for our products.
Threat Model Status: We perform ongoing threat modeling during the planning and design phases of our products to identify and prioritize security risks.
Risk Identification & Controls: Our threat modeling involves "table-top" brainstorming sessions between engineers and architects to define security controls for identified risks. These risks and their corresponding controls are tracked internally via our Product Trust Scorecards.
Logging and Analysis: Atlassian maintains comprehensive logging standards. For our infrastructure and products, relevant system logs are forwarded to a centralized, read-only platform for monitoring and anomaly detection.
Accessing Detailed Documentation
Because some of the specific diagrams and risk lists you requested contain sensitive security information, they are not published openly on the web.
Atlassian Trust Portal: You can access detailed security collateral, compliance reports (like SOC2 or ISO 27001), and specific security questionnaires through our Customer Trust Portal.
Self-Service Access: The portal provides authenticated access for customers to perform efficient security reviews.
Also, as for any security risks, Atlassian does release security bulletins, which you can check here: Security Advisories & Bulletins 🚨
In the end, it would really depend on how far into detail the parent company will go. Someone might have additional resources on the topic, but these aren't so easy to find. 🧐
Cheers,
Tobi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.