How Secure are Your Atlassian Marketplace Apps?

Do you know how secure your Atlassian Marketplace apps are? Our team created this Atlassian Marketplace application security guide to show the difference in application security levels, and what it means for an application to earn Cloud Fortified status. 

Security Requirements for All Cloud Applications 

• An application must authenticate and authorize every request on all endpoints exposed. 
• Any Atlassian End User Data stored by an application outside of the Atlassian product or users’ browser must ensure full disk encryption at-rest. 
• An application must use TLS version 1.2 (or higher) to encrypt all of its traffic, and enable HSTS with a minimum age of one year. 
• An application must not collect or store credentials belonging to Atlassian user accounts such as user passwords or user API tokens. 

Cloud Fortified Apps

Cloud fortified apps offer additional security, reliability, and support through:

• Cloud security participation  
  • Bug Bounty program
  • Security self-assessment program 
• Reliability checks 
• 24hr support response time

You can identify cloud fortified apps on the marketplace with “Cloud Fortified” badges. 🏰

Psst: If you’re looking for a secure way to merge your Git data with Jira, Git Integration for Jira is Cloud Fortified and an Atlassian Ecosystem Staff Pick!