Our 100% security guarantee for our customers and solutions
We prioritize customer data privacy with GDPR-compliant data collection and processing.
All datastores with customer data (only app configurations), in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.
This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
We use TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.
Encryption keys are managed via AWS Key Management Service (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Vanta. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.
Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.
We participate in all the Atlassian marketplace security programs, so all of our products are extra safe.
To get a Cloud Fortified or Cloud Security Participant badge, apps must participate in this program.
We take our customers' security seriously and take steps to deliver secure solutions from the very beginning of the development process.
Team members pull stories from the backlog as capacity allows. Typically their first step is to write tests to assert the behaviour we expect. From there they will write code to make tests pass, and then refactor as needed.
When a team member is ready for code review, they add two of their colleagues to a pull request. Their colleagues review the code for consistency, sanity, and against the acceptance criteria of the user story.
During the code review process we begin user acceptance testing of the functionality in the host product. At this point we're trying to ensure that what we deliver makes sense from a customer's perspective. This often turns up UI/UX improvements for the story, which are then included in the pull request.
Once the pull request has been approved, the development branch is merged into our master branch, where we do final user acceptance testing before merging to the release branch and releasing the packages.