JFrog Trust Cloud Security

Everything is software now!

JFrog Saas solution offers top-notch security for both JFrog products and infrastructure.
As JFrog SaaS solution is dynamic, scalable, and portable, it requires special security controls for workloads and data while at rest and in transit. These security controls allow our end users  to scale efficiently.

Customer Account Segregation 

JFrog services are operated on a multitenant architecture at both the platform and infrastructure layers that is designed to segregate and restrict access to the customer data hosted on the JFrog platform. The architecture provides a logical data separation for each different customer via a unique ID.

Data Center Security

JFrog’s production environment complies with top-tier providers with the highest data privacy, security standards and practices.
Find out more information about the security of the
Amazon,  GCP & Azure cloud platforms. 

Cloud Protection

As part of our multi-layer protection approach, JFrog uses a cloud provider-managed DDoS mitigation service. JFrog utilizes a next-gen WAF, an API protection, advanced rate limiting and bot protection.

Cloud security hygiene

Cloud security scanning tools (including next-gen CSPM solutions) are used regularly to enforce security best practices.

Least privilege

JFrog has defined access roles for each system and service based on least- privilege principle.

Preventive protection

JFrog has defined global cloud security policies at the organizational level to prevent the creation of misconfigured resources.

IaC security

Infra as Code is used as a crucial pillar that aligns DevOps, Security, and compliance for infrastructure management processes.

Image & container hardening

All JFrog application images are constructed using hardened base images and deployment configurations for maximum security.

Images are being scanned using JFrog’s Xray as part of our CI build process.

Architecture

JFrog SaaS solution has a well architected, secured, high-performing, resilient, and efficient infrastructure for JFrog products and workloads. JFrog supports hybrid solutions for customers wishing to combine self-managed with SaaS solution, on any of the three major cloud providers: Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure.

JFrog offers a multi-tier architecture for your deployment including high-availability systems,  backups and more.

Trust


Real Time Platform Status 

JFrog communicates the status of our platform and its incidents https://status.jfrog.io/.

Powering the Software
that Powers the World

It’s our Liquid Software vision to automatically deliver software
packages seamlessly and securely from any source to any device.