JFrog Trust Shared Security Responsibility Model

Shared Security Responsibility Model

The Shared Security Responsibility Model is a framework embraced by many cloud service providers such as Amazon AWS, Slack, Google, and Microsoft, to describe the specific security responsibilities assigned to both the customer and the cloud provider.

Within this framework:

  • JFrog is responsible for the security of the cloud itself.
  • The Customer responsible for the security within their cloud platform and for aligning with their organization’s information security standards.



JFrog’s Responsibility: Security of the Cloud

JFrog is responsible for the security of the infrastructure that underlies all JFrog Cloud services. In addition, JFrog is responsible to provide features you can use to secure the data that  you host in the JFrog Cloud.


Your Responsibility: Security in the Cloud

JFrog SaaS/Cloud customers are responsible for the policy, information and user accounts hosted in the cloud. For example, setting the right users’ permissions, avoid using anonymous access, enforcing multi-factor authentication, remove unnecessary users, use an access control (e.g. IP whitelist), and reviewing activity log for abnormal activity.

Powering the Software
that Powers the World

It’s our Liquid Software vision to automatically deliver software
packages seamlessly and securely from any source to any device.