Last updated Jun 29, 2021

Rate this page:

Cloud Fortified apps program security requirements

The security requirements for Cloud Fortified Apps use established security programs.

To meet the security requirements, Cloud Fortified apps must:

Participate in the Security Self-Assessment Program

The Security Self-Assessment Program is a collaboration between Atlassian and Marketplace Partners to increase security awareness and improve security practices. The goal is to increase customer confidence in apps and provide them with necessary information to perform security evaluations. The program involves an annual security self-assessment that Atlassian reviews and approves. During the review process, Atlassian works with the partner to pinpoint vulnerabilities and identify improvements. Once approved, the application expires after one year, and partners must re-apply with updated information each year.

For Cloud Fortified apps approval, check whether your app has a green checkmark for "This vendor has completed the Security Self-Assessment Program," as shown below. If it does, you can skip this section and attest to this in the approval checklist.

Security Self-Assessment Program checkmark dialog

Participate in the Marketplace Security Bug Bounty Program and receive a Cloud Security Participant badge

The Marketplace Security Bug Bounty Program is hosted on Bugcrowd, a SaaS platform built to crowdsource vulnerability discovery from a global pool of talented security researchers. Marketplace Partners who join this program allow security researchers to test their applications for security vulnerabilities. These security researchers are then rewarded based on the severity of the vulnerability discovered. The result is a cost efficient solution for Marketplace Partners to discover and fix vulnerabilities in their apps on an ongoing basis that results in more secure apps for customers.

Marketplace apps that are participating in the Marketplace Bug Bounty Program are identifiable by the security badge on their Marketplace app listing.

For Cloud Fortified Apps approval, check whether your app has a green checkmark for "This app is part of the Marketplace Bug Bounty Program," as shown below. If it does, you can skip this section and attest to this in the approval checklist.

Marketplace Bug Bounty Program checkmark dialog

Rate this page: