Last updated Feb 13, 2023

Rate this page:

Cloud Fortified Apps Program security requirements

The security requirements for Cloud Fortified Apps use established security programs.

To meet the security requirements, Cloud Fortified Apps must:

Participate in the Security Self-Assessment Program

Atlassian is introducing a new Privacy and Security tab in the Marketplace listing UI for cloud apps. This new tab will provide detailed information on the privacy, security, data handling, and compliance practices followed by cloud apps and will replace the Security Self Assessment as a Cloud Fortified requirement. The Security Self Assessment will be deprecated on August 13, 2023, 6 months after we begin accepting responses for this new Privacy & Security tab.

The Security Self-Assessment Program is a collaboration between Atlassian and Marketplace Partners to increase security awareness and improve security practices. The goal is to increase customer confidence in apps and provide them with necessary information to perform security evaluations. The program involves an annual security self-assessment that Atlassian reviews and approves. During the review process, Atlassian works with the partner to pinpoint vulnerabilities and identify improvements. Once approved, the application expires after one year, and partners must re-apply with updated information each year.

For Cloud Fortified Apps approval, check whether your app has a green checkmark for "This vendor has completed the Security Self-Assessment Program," as shown below. If it does, you can skip this section and attest to this in the approval checklist.

Security Self-Assessment Program checkmark dialog

Participate in the Marketplace Security Bug Bounty Program and receive a Cloud Security Participant badge

The Marketplace Security Bug Bounty Program is hosted on Bugcrowd, a SaaS platform built to crowdsource vulnerability discovery from a global pool of talented security researchers. Marketplace Partners who join this program allow security researchers to test their applications for security vulnerabilities. These security researchers are then rewarded based on the severity of the vulnerability discovered. The result is a cost efficient solution for Marketplace Partners to discover and fix vulnerabilities in their apps on an ongoing basis that results in more secure apps for customers.

Marketplace apps that are participating in the Marketplace Bug Bounty Program are identifiable by the security badge on their Marketplace app listing.

For Cloud Fortified Apps approval, check whether your app has a green checkmark for "This app is part of the Marketplace Bug Bounty Program," as shown below. If it does, you can skip this section and attest to this in the approval checklist.

Marketplace Bug Bounty Program checkmark dialog

Rate this page: