Security & Trust
We build the premier software development integration tools for Atlassian Jira. We were an original Atlassian Marketplace launch partner (May 2012), and over 9,300 companies have put their trust in BigBrassBand to connect source code repositories and more to Jira to add accountability and transparency to their software delivery. We work hard to earn and build on this trust.
- Continuous security and process compliance monitoring by Vanta
- Peer code reviews required
- Automatic static code analysis scanning
- Source code dependency scanning
- Regular development security training (threat modeling, SSRF, XSS, etc.)
- Company-wide security awareness training
- Multi-factor authentication required for core systems
- See specific platform security below
- We host all Jira Cloud applications on Amazon Web Services (AWS); currently all in region: us-east-1
- Contact us if interested in non-USA data hosting
- Data in transit is encrypted using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS)
- Data at rest is encrypted using industry-standard AES-256 encryption
- Full participation in Bugcrowd Bug Bounty program. See details
- We have the capability to recover data for a specific customer in the case of a failure or data loss.
- Data deleted by Jira admins and Jira users is deleted immediately.
- Retention of backups: 7 days.
- Production data never hosted outside of production AWS account.
- Each customer's data is kept logically segregated from other tenants when at-rest.
- Any requests that are processed by Jira have a "tenant-specific" view so other tenants are not impacted.
- Built on Amazon Web Services.
- View service status and uptime as well as incidents and maintenance at BigBrassBand Cloud status
- Encrypted data backups performed hourly/daily.
- BigBrassBand Support Portal.
- Support SLA.
- Over 9300 companies use BigBrassBand products.
- Regular updates (approximately weekly) in the Atlassian Marketplace for licensed customers.
Compliance and Privacy
- Only officers of BigBrassBand and senior members of the BigBrassBand Operations Team have access to production systems.
- CAIQ-Lite report shared with Atlassian Marketplace Security team
- SOC2 security certification and report expected mid-2021
- Participation in Bugcrowd Bug Bounty program. See details
- Git Integration for Jira Server + Data Center runs on your self-hosted Jira.
- Secured by your Jira and security professionals.
- Jira administrators can configure project permissions.
- Git Integration honors Jira group/user permissions.
- Regular internal security reviews.
- Periodic engagements with external security professionals on audits and external testing for SQL injection, server-side request forgery, and other attacks.
- Git data is hosted on the Jira server or Jira Data Center nodes.
- Jira administrators control git data via repository and git server integrations.
- Access to Jira server can be controlled via Jira user/group administration.
- Access to Jira server can be restricted via network access (example: require VPN).
Compliance and Privacy
- Git data hosted by customer.
- No "phone home" mechanisms.
- For Jira Server / Data Center only: BigBrassBand does not collect, process, or store any data from your self-hosted Jira instance. All Git Integration for Jira data is stored on your servers and databases. All Git Integration for Jira app activities are performed in your environment, which you control. No entities (including BigBrassBand) are granted access to any data stored on the Jira Server or Jira Data Center instance through the Git Integration for Jira app.