Marketplace App Trust
Trust, security, reliability and privacy are cornerstones of the relationship between Atlassian customers and our third-party Marketplace Partners.
Marketplace trust programs
Marketplace trust signals exist to help you easily identify apps that have gone above and beyond Atlassian’s general standards to deliver an exceptionally secure and reliable cloud experience.
| | | All Cloud apps | Cloud Security Participant | Cloud Fortified |
|---|---|---|---|---|
| | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Base cloud app security requirements | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Monitored by Atlassian’s app vulnerability scanning platform, Ecoscanner | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Additional app security requirements and fix timeframes defined by Atlassian | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Participates in Marketplace Bug Bounty Program** | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Has a complete Privacy & Security tab | All Cloud apps (optional) | Cloud Security Participant (optional) | Cloud Fortified
| |
| Additional checks for service reliability and performance at scale | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Incident and review processes integrated with Atlassian’s for faster recovery and continuous improvement | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| Commercially reasonable efforts to provide support | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
| |
| 24 hour response time, 5 days a week SLA for all T1 tickets** | All Cloud apps
| Cloud Security Participant
| Cloud Fortified
|
** In addition to these trust programs, the Marketplace Partner Program recognizes partners at three levels: Platinum, Gold, and Silver. Partners with these designations satisfy security and support requirements across a range of their apps.
Security programs
Get peace of mind knowing that your data is secure. Our Marketplace security programs hold Marketplace partners to the highest standards for application security.
Marketplace Bug Bounty Program
Atlassian has a best-in-class marketplace bug bounty program to increase security and trust for all Marketplace apps. Participating Marketplace Partners are able to proactively combat security risks before they arise by incentivizing security researchers to find vulnerabilities. To get a Cloud Fortified or Cloud Security Participant badge, apps must participate in this program.
Ecoscanner
Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis. With Ecoscanner, Atlassian continuously monitors all Marketplace cloud apps for common security vulnerabilities to ensure the security of our ecosystem.
Vulnerability Disclosure Program
The Vulnerability Disclosure Program provides another channel for customers or security researchers to report cloud app vulnerabilities to Atlassian and to Marketplace Partners. Atlassian runs this program and defines the parameters so that all cloud apps can mitigate security risks.
Cloud App Security Requirements
Atlassian has defined a minimum set of requirements that all Marketplace apps must meet. These requirements are mandatory and are aimed at enforcing security best practices across all apps.
Security Bug Fix Policy
In order to ensure the security of all apps in the Atlassian ecosystem, all Marketplace Partners are required to adhere to security bug fix SLAs for any app listed on the Atlassian Marketplace. If a vulnerability is detected, partners are required to address it in a timely manner.
Security Self-Assessment Program
The Marketplace Self-Assessment Program is a collaboration between Atlassian and app partners to improve security practices for cloud apps. Program participants complete an annual security assessment that Atlassian reviews and approves. To get a Cloud Fortified badge, apps must participate in this program.
App Privacy
The Atlassian Marketplace is committed to ensuring customer information shared with third-party app partners remains private in accordance with government regulations.
App privacy policies
Atlassian ensures that every app partner on the Marketplace has its own individual privacy policy and end-user license agreement on each app listing. Each policy outlines what data an app will collect, how that data is being used, and who will have access to that information.
Personal data privacy
Atlassian keeps customer information private by masking user information in the APIs. All Atlassian Marketplace apps will only have access to personal data that is set by a user to public. Users are given direct control over visibility of their personal data and can chose to restrict access to it at anytime.
Get more visibility into our cloud platform roadmap
We're committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.
We’re here and ready to answer all of your questions.
Trust & Security Community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian Support
Reach out to one of our highly-trained support engineers to get answers to your most specific security questions. You may find the answers to many of your questions on our pre-filled security questionnaires.