JFrog Trust

JFROG compliance

At JFrog, the privacy, security and integrity of your data is a top priority. We comply with major data-protection industry standards and government regulations. We provide tools that will help you do the same.

Learn more about JFrog compliance >

Product Security

JFrog places the utmost importance in the security of our product development lifecycle. JFrog's security teams protect your data using the most stringent security technologies and practices for software development. In particular, we embed security natively throughout our SDLC and “shift left” to detect security issues at the very early stages of the product development process.

Learn more about JFrog product security >

Cloud Security

JFrog SaaS solution is hosted on Amazon AWS, Microsoft Azure, and Google Cloud. We are committed to your privacy and security, with world-class infrastructure and enterprise features to keep your mission-critical JFrog Saas solution safe.

Learn more about JFrog cloud security >

Data Security

JFrog collects, stores and transmits your data with the most stringent and advanced security practices, and with the most modern security technology. JFrog has adopted strict data privacy best practices and data protection technologies, and complies with its internal policies, with industry standards, and with government regulations.

Learn more about JFrog data security >

Security Incident management

JFrog’s cyber security incident response team constantly monitors our products, infrastructure operations and security solutions. JFrog’s security has established a comprehensive strategy and policies to promptly and efficiently respond, notify  and remediate security incidents.

Learn more about JFrog security Incident management >

Report A Vulnerability

The security and quality of our code is a top priority for JFrog. If you find a vulnerability or any other type of security issue in one of our products, please report it to us immediately. Security researchers may be able to participate in a bug bounty program and earn rewards for their findings.

Learn more about how to report a vulnerability >

JFrog Security Advisories Board

JFrog takes the privacy and security of its customers very seriously and always strives to provide prompt notification and remediation of any vulnerabilities discovered on JFrog products. As a CVE Numbering Authority (CNA) , JFrog assigns CVE identification numbers to newly discovered security vulnerabilities.

Advisories Board and latest published bulletins >
Trust security advisor

The JFrog Trust webpage contains forward-looking statements which involve
uncertainties when providing estimated release dates and descriptions for commercial
features. All information regarding forward-looking statements involves known and
unknown risks, uncertainties, and is subject to change.