Our skilled engineers rigorously review and test our products, prioritizing identifying and resolving security issues to maintain the integrity of our products.
CloudBees Trust Center
Our commitment to excellence in security and privacy is not just a statement - it’s a practice. We undergo independent verification of our controls to help you meet your security, privacy and compliance objectives. Reports are available upon request and under NDA.
Customer Security
We are committed to protecting our customers through a growing collection of third-party attestations.
ISO/IEC 27001:2022
CloudBees Information Security Management System (ISMS) and CloudBees Platform are ISO certified.
SOC 2
We offer SOC 2 Type II attestations for CloudBees Platform, CloudBees Feature Management, and Launchable.
Cloud Security Alliance (CSA)
CloudBees is listed on the Security, Trust, Assurance, and Risk (STAR) Registry of the Cloud Security Alliance (CSA).
NIST Cybersecurity Framework (CSF)
CloudBees is compliant with the NIST CSF 2.0 through third-party audits.
Standardized Information Gathering (SIG)
All CloudBees products are subject to routine SIG risk assessments to ensure customer security and compliance.
VPAT
CloudBees CI conforms to accessibility standards such as the Web Content Accessibility Guidelines (WCAG).
Product Security
CloudBees believes in following DevSecOps practices and investing in dedicated resources to treat security as a top priority in our Software Development Lifecycle.
Dedicated Product Security Team
Secure SDLC Practices
We continuously assess our products through a range of security scanning techniques. Our in-house security experts work closely with engineering teams and third-party specialists to conduct thorough penetration tests.
Vulnerability Management
Our products undergo regular security assessments of its products through internal and third-party testing. Security advisories are available here.
CloudBees also leverages HackerOne for its bounty bug programme. To join, please contact security@cloudbees.com.
The Jenkins project has its own disclosure resource for regular Jenkins-related security reports. Any reports submitted via HackerOne that apply to the Jenkins project will be forwarded.
Privacy Compliance
CloudBees is dedicated to protecting your data and ensures compliance with industry-accepted privacy frameworks.
CCPA
Our commitment to the California Consumer Privacy Act (CCPA) compliance involves independent assessments.
GDPR
CloudBees undergoes external audits of its data and privacy practices to comply with the General Data Protection Regulation (GDPR).
Privacy Policy
We prioritize data privacy, processing only essential information. Our privacy policy promotes transparency and informs you of your data rights. For related requests, please contact privacy@cloudbees.com.
Security Operations
We use enterprise-class security measures to identify and eliminate threats, conducting thorough audits on our applications, systems, and networks to safeguard your security and ours.
Global Security Operations Center
CloudBees Security teams are trained to detect and respond to incidents proactively. They follow protocols and procedures for swift communication and escalation.
Managed Threat Detection and Response
Our team of experienced security professionals continuously monitor and mitigate security alerts and events in real-time to secure our environment.
Vendor Security
CloudBees mitigates third-party risks by conducting rigorous security reviews for all vendors with any level of access to our systems or corporate data.
Governance, Risk and Compliance
CloudBees strives to stay ahead of the curve by regularly updating and reinforcing our security policies. Our Governance, Risk and Compliance (GRC) team monitors compliance and assesses risk to ensure our security measures meet industry standards.
Employee Security Policies
We have a comprehensive set of security policies catering to various topics, ensuring all employees and contractors with access to our information assets are well-informed.
Security Awareness & Training
Employees receive Security Awareness Training upon hiring and annually thereafter. Engineers also have access to Secure Code Training. Security updates are communicated through emails, newsletters, and other corporate channels.
HR Security
CloudBees conducts background checks on new employees as per local regulations, including criminal, education, and employment verification. All hires sign Non-Disclosure and Confidentiality agreements.
Get in touch with us today!
We can provide attestations and additional resources upon request.
