Our skilled engineers rigorously review and test our products, prioritizing identifying and resolving security issues to maintain the integrity of our products.
Our commitment to excellence in security and privacy is not just a statement - it’s a practice. We undergo independent verification of our controls to help you meet your security, privacy and compliance objectives. Reports are available upon request and under NDA.
CloudBees believes in following DevSecOps practices and investing in dedicated resources to treat security as a top priority in our Software Development Lifecycle.
Our skilled engineers rigorously review and test our products, prioritizing identifying and resolving security issues to maintain the integrity of our products.
We continuously assess our products through a range of security scanning techniques. Our in-house security experts work closely with engineering teams and third-party specialists to conduct thorough penetration tests.
Our products undergo regular security assessments of its products through internal and third-party testing. Security advisories are available here.
CloudBees also leverages HackerOne for its bounty bug programme. To join, please contact security@cloudbees.com.
The Jenkins project has its own disclosure resource for regular Jenkins-related security reports. Any reports submitted via HackerOne that apply to the Jenkins project will be forwarded.
CloudBees Security teams are trained to detect and respond to incidents proactively. They follow protocols and procedures for swift communication and escalation.
Our team of experienced security professionals continuously monitor and mitigate security alerts and events in real-time to secure our environment.
CloudBees mitigates third-party risks by conducting rigorous security reviews for all vendors with any level of access to our systems or corporate data.
CloudBees strives to stay ahead of the curve by regularly updating and reinforcing our security policies. Our Governance, Risk and Compliance (GRC) team monitors compliance and assesses risk to ensure our security measures meet industry standards.
We have a comprehensive set of security policies catering to various topics, ensuring all employees and contractors with access to our information assets are well-informed.
Employees receive Security Awareness Training upon hiring and annually thereafter. Engineers also have access to Secure Code Training. Security updates are communicated through emails, newsletters, and other corporate channels.
CloudBees conducts background checks on new employees as per local regulations, including criminal, education, and employment verification. All hires sign Non-Disclosure and Confidentiality agreements.