Everything is software now!
JFrog Saas solution offers top-notch security for both JFrog products and infrastructure.
As JFrog SaaS solution is dynamic, scalable, and portable, it requires special security controls for workloads and data while at rest and in transit. These security controls allow our end users to scale efficiently.
Customer Account Segregation
JFrog services are operated on a multitenant architecture at both the platform and infrastructure layers that is designed to segregate and restrict access to the customer data hosted on the JFrog platform. The architecture provides a logical data separation for each different customer via a unique ID.
Data Center Security
JFrog’s production environment complies with top-tier providers with the highest data privacy, security standards and practices.
Find out more information about the security of the Amazon, GCP & Azure cloud platforms.
Cloud Protection
As part of our multi-layer protection approach, JFrog uses a cloud provider-managed DDoS mitigation service. JFrog utilizes a next-gen WAF, an API protection, advanced rate limiting and bot protection.
Cloud security hygiene
Cloud security scanning tools (including next-gen CSPM solutions) are used regularly to enforce security best practices.
Least privilege
JFrog has defined access roles for each system and service based on least- privilege principle.
Preventive protection
JFrog has defined global cloud security policies at the organizational level to prevent the creation of misconfigured resources.
IaC security
Infra as Code is used as a crucial pillar that aligns DevOps, Security, and compliance for infrastructure management processes.
Image & container hardening
All JFrog application images are constructed using hardened base images and deployment configurations for maximum security.
Images are being scanned using JFrog’s Xray as part of our CI build process.
Architecture
JFrog SaaS solution has a well architected, secured, high-performing, resilient, and efficient infrastructure for JFrog products and workloads. JFrog supports hybrid solutions for customers wishing to combine self-managed with SaaS solution, on any of the three major cloud providers: Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure.
JFrog offers a multi-tier architecture for your deployment including high-availability systems, backups and more.
Real Time Platform Status
JFrog communicates the status of our platform and its incidents https://status.jfrog.io/.
