Last updated Aug 28, 2024

Malware Scanner for Atlassian Data Center Marketplace Applications

Maintaining a secure Marketplace is a collective effort shared by Atlassian and our Marketplace Partners. We fulfill this obligation by validating that all third-party apps meet security requirements.

We’ve launched a new capability that scans data center apps listed on the Marketplace to ensure that their codebase does not include any malware or other malicious content. This will help us monitor and detect security vulnerabilities and improve the overall security posture of our ecosystem.

What scans are run?

Our malware scanner for data center apps on the Marketplace runs the following scanners:

  1. VirusTotal is a third-party service that uses multiple antivirus engines and website scanners to detect viruses, worms, trojans, and other kinds of malicious content. We use it to analyze the JARs from data center apps.
  2. YARA rules are custom rules that flag suspicious patterns, function calls, and other potential threats for manual review by our team.

This list may expand in the future as we continue to integrate and roll out new scanners.

What will we do if we have malicious findings?

Our team will investigate every finding internally to ascertain the authenticity and severity of each detected threat, so that the Marketplace remains secure for customers.

In cases of confirmed malware or other malicious activity, the data center application may be removed from the Marketplace.

FAQ

Do scanners scan all versions of a data center app? What will be the cadence of the scanning?

Each new application will be scanned within 24 hours of being released. All historical versions of an application will be scanned at least once to ensure that we have comprehensive coverage across all data center applications.

How will we get notified about the scan results?

No action is required unless you are contacted by our team.

Low severity issues identified by our scanner will be reported via the AMS project in ecosystem.atlassian.net with relevant actions to remediate the issues.

Can apps opt out of scanning?

Apps cannot opt out of scanning at this time.

How do we get in touch or contact Atlassian if the scanning somehow disrupts app functionality? How do I get support with the scanning?

Scanning is designed to be non-intrusive (unless otherwise mentioned). In the event the scanning somehow disrupts app functionality, please submit a request for support on our service desk.
