Security & Trust

We build the premier software development integration tools for Atlassian Jira. We were an original Atlassian Marketplace launch partner (May 2012), and over 9,300 companies have put their trust in BigBrassBand to connect source code repositories and more to Jira, adding accountability and transparency to their software delivery. We work hard to earn and build on this trust.

Atlassian Marketplace

Platinum Partner

SOC 2 Certified

Cloud Fortified

Active Bug Bounty

Security Program

Security

  • Continuous security and process compliance monitoring by Vanta
  • Peer code reviews required
  • Automatic static code analysis scanning
  • Source code dependency scanning
  • Regular development security training (threat modeling, SSRF, XSS, etc.)
  • Company-wide security awareness training
  • Multi-factor authentication required for core systems
  • See specific platform security below

Reliability

Bug Bounty Program

Atlassian introduced the Marketplace Security Bug Bounty Program for Marketplace Partners seeking the highest security standards. The BigBrassBand Bugcrowd Bug Bounty program started on February 11, 2020. All researcher submissions are reviewed by the Bugcrowd Application Security Engineering (ASE) team, scored, and then addressed by the BigBrassBand operations + development teams. BigBrassBand is committed to meeting our internal SLAs as well as those required by Atlassian.

Download latest report

BigBrassBand Cloud products

Security

  • We host all Jira Cloud applications on Amazon Web Services (AWS); currently all in region: us-east-1
  • Contact us if interested in non-USA data hosting
  • Data in transit is encrypted using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS)
  • Data at rest is encrypted using industry-standard AES-256 encryption
  • Full participation in Bugcrowd Bug Bounty program. See details
  • We are Cloud Fortified, offering additional security, reliability and support through:
    • Cloud security participation
    • Reliability checks
    • 24hr support response time
    • and more
    Learn more about the Cloud Fortified apps program

Data Management

  • We have the capability to recover data for a specific customer in the case of a failure or data loss.
  • Data deleted by Jira admins and Jira users is deleted immediately.
  • Retention of backups: 7 days.
  • Production data is never hosted outside of the production AWS account.
  • Each customer's data is kept logically segregated from other tenants when at rest.
  • Any requests that are processed by Jira have a "tenant-specific" view so other tenants are not impacted.

Reliability

  • Built on Amazon Web Services.
  • View service status and uptime as well as incidents and maintenance at BigBrassBand Cloud status
  • Encrypted data backups performed hourly/daily.
  • BigBrassBand Support Portal.
  • Support SLA.
  • Over 9300 companies use BigBrassBand products.
  • Regular updates (approximately weekly) in the Atlassian Marketplace for licensed customers.

Compliance and Privacy

  • Only officers of BigBrassBand and senior members of the BigBrassBand Operations Team have access to production systems.
  • CAIQ-Lite report shared with Atlassian Marketplace Security team
  • SOC 2 security certification and report available. Contact security@bigbrassband.com for the report.

BigBrassBand Jira Server/Data Center products

Security

  • Participation in Bugcrowd Bug Bounty program. See details
  • Git Integration for Jira Server + Data Center runs on your self-hosted Jira.
  • Secured by your Jira and security professionals.
  • Jira administrators can configure project permissions.
  • Git Integration honors Jira group/user permissions.
  • Regular internal security reviews.
  • Periodic engagements with external security professionals on audits and external testing for SQL injection, server-side request forgery, and other attacks.

Data Management

  • Git data is hosted on the Jira server or Jira Data Center nodes.
  • Jira administrators control git data via repository and git server integrations.
  • Access to Jira server can be controlled via Jira user/group administration.
  • Access to Jira server can be restricted via network access (example: require VPN).

Reliability

  • Participation in Bugcrowd Bug Bounty program. See details
  • BigBrassBand Support Portal.
  • Support SLA.
  • Over 9300 BigBrassBand customers.
  • Monthly updates in the Atlassian Marketplace for licensed customers.
  • Jira Compatibility releases in tandem with Atlassian Jira releases.

Compliance and Privacy

  • Git data hosted by customer.
  • No "phone home" mechanisms.
  • For Jira Server / Data Center only: BigBrassBand does not collect, process, or store any data from your self-hosted Jira instance. All Git Integration for Jira data is stored on your servers and databases. All Git Integration for Jira app activities are performed in your environment, which you control. No entities (including BigBrassBand) are granted access to any data stored on the Jira Server or Jira Data Center instance through the Git Integration for Jira app.
