JFrog is a SOC 2-compliant company. This means the firm voluntarily agrees to conform to and report about its SOC 2®-level System and Organization Controls, whose standards are set forth and maintained by the American Institute of Certified Public Accountants (AICPA). These customer data management standards are based upon five trust service principles:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
All of JFrog’s development processes and methodologies are audited to verify that we’re properly addressing these concerns. In addition, the JFrog Unified Platform periodically undergoes security testing by external, industry-leading third-party companies, which includes penetration tests and threat modeling. JFrog also runs its own bug bounty reward and vulnerability disclosure programs. As part of these tests, our products are checked against the Top 10 Web Application Security Risks of the Open Web Application Security Project® (OWASP), including cross-site scripting (XSS), injection, use of components with known vulnerabilities, and cross-site request forgery (CSRF). Any issues found by those tests are addressed and fixed according to their severity.