JFrog Logo JFrog Logo
  • プロダクト
  • ソリューション
  • 開発者
  • リソース
  • パートナー
  • 価格
  • JFrogのパートナーになる >
  • JFrogのパートナーを検索 >
  • サポート >
  • コミュニティ >
  • ドキュメント >
ユースケース
  • アーティファクト管理 >
    拡張性に優れたバイナリ・ライフサイクル管理
  • セキュリティとコンプライアンス >
    信頼の確保、要求への対応
  • CI/CD >
    高度なパイプライン自動化
  • Edge & IoT >
    ボタンをクリックするだけで、コネクテッドデバイスを大規模に管理できます。
業種別
  • 金融業界 >
  • 自動車業界 >
  • ヘルスケア業界 >
  • テクノロジー&ソフトウェア業界 >
  • ゲーム業界 >
  • 公共機関 >
Diagram
JFrogにより、DevOpsのワークフローは有効になります。
JFrogインテグレーションについて調べる >
学習とガイド
  • ユーザーガイド >
  • ナレッジベース >
  • JFrog Academy >
  • DevOpsコンサルティング >
  • DevOps認定 >
  • ウェビナー >
  • ワークショップ >
  • DevOpsツールとは? >
各種資料
  • リソースセンター >
  • JFrogブログ >
カスタマーゾーン
  • サポート >
    カスタマーサポート、チケット、コミュニティ
  • 管理とトラブルシューティング >
    更新、ライセンスの取得、リーガルなど
  • MyJFrog >
    クラウド・カスタマーポータル
  • クラウドステータス >
    サービスステータスとイベントのサブスクリプション
  • JFrogの信頼性 >
    お客様とお客様のデータを保護する方法
The JFrog Platform
エンドツーエンドのソフトウェア管理とリリース
詳細はこちら
JFrog Artifactory
エンタープライズ向けユニバーサル・リポジトリ・マネージャー
Xray Logo
JFrog Xray
=コンテナセキュリティとユニバーサルアーティファクト分析
JFrog Connect
JFrog Connect
接続デバイス用のDEVOPS
Distribution icon
JFrog Distribution
信頼できるソフトウェアリリース
JFrog Container Registry
JFrog Container Registry
DockerとHelmに対応した強力なハイブリッド・レジストリ
JFrog Pipelines
JFrog Pipelines
エンタープライズ向けユニバーサルCI/CD DevOpsパイプライン
En Fr De
無料版を試す
  • プロダクト
      • The JFrog Platform
        エンドツーエンドのソフトウェア管理とリリース
      • JFrog Artifactory
        エンタープライズ向けユニバーサル・リポジトリ・マネージャー
      • JFrog Xray
        =コンテナセキュリティとユニバーサルアーティファクト分析
      • JFrog Connect
        接続デバイス用のDEVOPS
      • JFrog Distribution
        信頼できるソフトウェアリリース
      • JFrog Container Registry
        DockerとHelmに対応した強力なハイブリッド・レジストリ
      • JFrog Pipelines
        エンタープライズ向けユニバーサルCI/CD DevOpsパイプライン
  • ソリューション
    • ユースケース
      • アーティファクト管理
        拡張性に優れたバイナリ・ライフサイクル管理
      • セキュリティとコンプライアンス
        信頼の確保、要求への対応
      • CI/CD
        高度なパイプライン自動化
      • Edge & IoT
        ボタンをクリックするだけで、コネクテッドデバイスを大規模に管理できます。
    • 業種別
      • 金融業界
      • 自動車業界
      • ヘルスケア業界
      • テクノロジー&ソフトウェア業界
      • ゲーム業界
      • 公共機関
  • 開発者
      • コミュニティ
      • ドキュメント
  • リソース
    • 学習とガイド
      • ユーザーガイド
      • ナレッジベース
      • JFrog Academy
      • DevOpsコンサルティング
      • DevOps認定
      • ウェビナー
      • ワークショップ
      • DevOpsツールとは?
    • 各種資料
      • リソースセンター
      • JFrogブログ
    • カスタマーゾーン
      • サポート
        カスタマーサポート、チケット、コミュニティ
      • 管理とトラブルシューティング
        更新、ライセンスの取得、リーガルなど
      • MyJFrog
        クラウド・カスタマーポータル
      • クラウドステータス
        サービスステータスとイベントのサブスクリプション
      • JFrogの信頼性
        お客様とお客様のデータを保護する方法
  • パートナー
      • JFrogのパートナーになる
      • JFrogのパートナーを検索
      • サポート
  • 価格
  • Self Hosted Terms and Conditions
    • Self Hosted Terms and Conditions
    • Enterprise + Distribution Edge Addendum
    • Previous Versions
  • Cloud Terms and Conditions
    • Cloud Terms and Conditions
    • Container Registry Cloud
    • Previous Versions
  • About Box
  • Support
    • Standard SLA
    • Platinum Support & SLA
  • Privacy and Security
    • JFrog Cloud Data Processing Addendum
    • JFrog Technical and Organizational Measures
    • JFrog Trust Center
    • JFrog Privacy Center
    • JFrog Privacy Policy
    • JFrog Cookies Policy
  • Enterprise Devops Consulting Services Agreement
  • JFrog Brand Guidelines
  • Website Terms of Use

JFrog Technical and Organizational Measures

Last Updated: January 1, 2023

JFrog will maintain the following Technical and Organizational Measures (TOMs):

Application and Infrastructure Control
  • JFrog’s Cyber Incident Response Team (CIRT) constantly monitors our products, infrastructure operations and security solutions. JFrog’s security team has established a comprehensive strategy and policies to respond, notify, and remediate security incidents promptly and efficiently.
  • JFrog’s CIRT continuously monitors our products’ logs, infrastructure operations and systems audit logs in our internal Security Information and Event Management (SIEM) to detect potential incidents promptly and efficiently. As part of this ongoing effort, the CIRT investigates and responds to reports from bug bounty programs, vulnerability disclosure programs, automated scanners, customer support portal and dedicated email inbox.
  • To ensure prompt and efficient response time, our Security Operations Center (SOC) is staffed with highly qualified and experienced security experts, who work to fulfill our internal SLA policy.
Internal Controls
  • JFrog has defined access roles for each system and service based on least privilege principle. Access to all our applications is possible only via Single Sign-on (SSO) and 2-factor authentication (2FA) with strong password policies.
  • JFrog requires that its employees use a password manager to ensure that they use unique and complex passwords and store them in a secure vault.
  • JFrog uses a zero-trust solution to securely connect our employees, devices, and apps over JFrog’s internal network. Our zero-trust solution provides Web and URL filtering, sandboxing, cloud firewall, CASB and DLP.
  • JFrog engineers connect to our production resources using an advanced 2FA and just-in-time access solution, which allows us to employ the principle of least privilege and conduct a full audit.
  • JFrog laptops are equipped with encryption technology that is turned on by default, along with advanced anti-malware software.
  • JFrog uses email protection solutions designed to prevent malware, zero-day attacks, phishing, Business Email Compromise (BEC), spam and N-days.
  • JFrog employees receive mandatory data protection and cyber security awareness training as part of their onboarding, as well as ongoing training thereafter. Moreover, employees receive ongoing security education training about topics such as phishing, password management, secure development, and security best practices for operating cloud accounts.
Security Events
  • JFrog’s CIRT works with external incident response experts to assist us with emergency security incidents. As part of our comprehensive vulnerability management process, JFrog’s CIRT runs continuous and automated vulnerability scans of all our assets; prioritizes vulnerability fixes and releases patches quickly.
Standards
  • JFrog is certified under ISO 27001, the global standard for IT security management policies. ISO 27001 is a framework for Information Security Management Systems (ISMS) that enables the continued confidentiality, integrity and availability of information, which includes people, processes, and IT systems, its objective is to provide requirements for establishing, implementing, maintaining, and continuously improving an ISMS.
  • JFrog is certified under ISO 27701, the data privacy extension to ISO 27001/2. This Privacy Information Management System (PIMS) outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls and to reduce the risk to the privacy rights of individuals.
  • JFrog engages Ernst & Young to audit its system and organization controls report – SOC 2 Type II Report. This auditing procedure ensures we securely manage and protect our customer’s data. This Report is validated and updated annually and is a key document that outlines and certifies the ways in which JFrog achieves and maintains compliance and control objectives.

The following TOMs apply only to JFrog Cloud Subscriptions:

Access Control
  • Each cloud customer account is (i) deployed with a unique ID to guarantee adequate separation; (ii) granted its own unique and narrow role, based on least privilege principle. Permissions are granted as required to perform tasks and access shared resources, such as databases and cloud object storage.
  • The default and automatic deployment of the JFrog Platform is on a shared environment including the following resources:
    • The load balancer is a shared component at the region level;
    • The applications’ database schema and role are dedicated for each customer.
    • The applications’ database and file store are deployed using a cloud provider managed service, shared at the region level;
    • Each customer has its own unique role with permissions for their own files.
  • JFrog Platform uses managed object storage and databases from the major cloud providers.
Data Encryption
  • Data in transit is defined as data that is actively transferring between different destinations (e.g., applications to databases or object storage) over the same network or over the internet. In the JFrog Platform, Customer Data is encrypted in transit using HTTPS with TLS V1.2.
  • Data at rest is defined as data that is physically stored and hosted in any digital form (e.g., cloud storage, databases, data warehouses, or cloud backups) and not actively transferring between different destinations. In the JFrog Platform, all hosted data at rest is securely stored in a database and object storage using 256-bit AES encryption.
Application and Infrastructure Control
  • As part of our multi-layer cloud protection approach, a dedicated DDoS mitigation ecosystem has been put in place. JFrog utilizes anti-DDoS protection, a next-gen WAF, an API protection tool, advanced rate limiting and bot protection
Network Control
  • JFrog has appropriate network perimeter defense solutions in place, to monitor, detect, and prevent malicious network activity and restrict access to authorized users and services.
Backup
  • JFrog maintains an internal backup solution for the Artifactory instance, by replicating the storage and database to a different region in the same continent.
Business Continuity Plan and Disaster Recovery Plan
  • JFrog will maintain a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) consistent with industry best practices for the JFrog Platform, which will be tested at least annually. In addition, the BCP and DRP will ensure: (i) that installed systems used to provide the JFrog Platform will be restored in case of interruption; (ii) JFrog’s ability to restore the availability and access to the Customer Data in a timely manner in the event of a physical or technical incident; and (iii) the ongoing confidentiality, integrity, availability, and resilience of systems JFrog uses to provide the JFrog Platform.
Standards
  • JFrog is certified under ISO 27017, the global security standard for cloud service providers and users. ISO 27017 provides guidance on the information security aspects of cloud computing, to make a safer cloud-based environment and reduce the risk of security issues.

製品

  • JFrog Artifactory
  • JFrog Xray
  • JFrog Pipelines
  • JFrog Distribution
  • JFrog Container Registry
  • JFrog Connect
  • The JFrog Platform
  • 無料ではじめる

リソース

  • 開発ツール
  • ブログ
  • Blog(英語)
  • Events
  • ユーザーガイド
  • Open Source
  • Featured
  • JFrog 信頼性
  • インテグレーション
  • Compare JFrog

JFrog について

  • 会社概要
  • 経営陣
  • 投資家情報 (英語のみ)
  • パートナー
  • お客様事例
  • 採用
  • プレス
  • お問い合わせ
  • ブランド・ガイドライン

Community (英語のみ)

  • Community
  • Downloads
  • Community Events
  • Open Source Foundations
  • Community Forum
  • Superfrogs
日本語
  • En
  • Fr
  • De
  • 日本語
Follow Us
© 2023 JFrog Ltd All Rights Reserved
JFrog Logo
Terms of Use | Privacy Policy | Cookies Policy |
Cookies Settings
| Accessibility Mode

Success

Your action was successful

Oops... Something went wrong

再度、実行してください

Information

frog hand

Modal Message

Vdoo is now part of JFrog

helping to deliver secure software updates from code to the edge.
You have been redirected to the JFrog website