CloudBees Trust Center: Ensuring Security and Compliance

Our commitment to excellence in security and privacy is not just a statement - it’s a practice. We undergo independent verification of our controls to help you meet your security, privacy and compliance objectives. Reports are available upon request and under NDA.

Customer Security

We are committed to protecting our customers through a growing collection of third-party attestations.

SOC 2

We offer SOC 2 Type II attestations for CloudBees Platform and CloudBees Feature Management.

NIST CSF

CloudBees is compliant with the NIST Cybersecurity Framework (CSF) through third-party audits.

SIG

All CloudBees products are subject to routine SIG risk assessments.

Cloud Security Alliance (CSA)

CloudBees Platform is part of the Cloud Security Alliance (CSA) and is publicly listed in the CSA STAR registry

Product Security

CloudBees believes in following DevSecOps practices and investing in dedicated resources to treat security as a top priority in our Software Development Lifecycle.

  • Dedicated Product Security Team

    Our skilled engineers rigorously review and test our products, prioritizing identifying and resolving security issues to maintain the integrity of our products.

  • Secure SDLC Practices

    We continuously assess our products through a range of security scanning techniques. Our in-house security experts work closely with engineering teams and third-party specialists to conduct thorough penetration tests.

  • Vulnerability Management

    Our products undergo regular security assessments of its products through internal and third-party testing. Security advisories are available here.

    CloudBees also leverages HackerOne for its bounty bug programme. To join, please contact security@cloudbees.com.

    The Jenkins project has its own disclosure resource for regular Jenkins-related security reports. Any reports submitted via HackerOne that apply to the Jenkins project will be forwarded.

Privacy Compliance

CloudBees is dedicated to protecting your data and ensures compliance with industry-accepted privacy frameworks.

CCPA

Our commitment to the California Consumer Privacy Act (CCPA) compliance involves independent assessments.

GDPR

CloudBees undergoes external audits of its data and privacy practices to comply with the General Data Protection Regulation (GDPR).

Privacy Policy

We prioritize data privacy, processing only essential information. Our privacy policy promotes transparency and informs you of your data rights. For related requests, please contact privacy@cloudbees.com.

Security Operations

We use enterprise-class security measures to identify and eliminate threats, conducting thorough audits on our applications, systems, and networks to safeguard your security and ours.

Global Security Operations Center

CloudBees Security teams are trained to detect and respond to incidents proactively. They follow protocols and procedures for swift communication and escalation.

Managed Threat Detection and Response

Our team of experienced security professionals continuously monitor and mitigate security alerts and events in real-time to secure our environment.

Vendor Security

CloudBees mitigates third-party risks by conducting rigorous security reviews for all vendors with any level of access to our systems or corporate data.

Governance, Risk and Compliance

CloudBees strives to stay ahead of the curve by regularly updating and reinforcing our security policies. Our Governance, Risk and Compliance (GRC) team monitors compliance and assesses risk to ensure our security measures meet industry standards.

  • Employee Security Policies

    We have a comprehensive set of security policies catering to various topics, ensuring all employees and contractors with access to our information assets are well-informed.

  • Security Awareness & Training

    Employees receive Security Awareness Training upon hiring and annually thereafter. Engineers also have access to Secure Code Training. Security updates are communicated through emails, newsletters, and other corporate channels.

  • HR Security

    CloudBees conducts background checks on new employees as per local regulations, including criminal, education, and employment verification. All hires sign Non-Disclosure and Confidentiality agreements.