Data security is of utmost importance to JFrog. We invest heavily in securing our infrastructure in close partnership with world-class security experts.


At JFrog Connect, we take the privacy, security, and integrity of your data seriously. We adhere to industry standards and comply with relevant security and safety regulations to ensure the security of your data. We are also dedicated to enabling you to comply with your own internal security policies.

Data centers and main subcontractors

To provide the best user experience, we only engage top-tier vendors dedicated to privacy and security values and standards, including the largest cloud hosts and service providers in the market. Our vendors apply various controls to secure data including the use of secured data centers and compliance with the strictest certifications and accreditations.
Connect R&D team is working closely with Amazon web services (AWS) engineers experts department to provide the best-in-class cloud solution with the latest security compliance available.

JFrog Connect cloud architecture

Connect servers, databases, storage, and cloud environment are all based on AWS products with AES-256 encryption and live zone fallback. combined with an extra layer of security: a separate isolated Amazon Virtual Private Cloud (Amazon VPC ).

Overall Network Architecture

Connect edge Agent is based on client-server architecture, with no open ports or running servers on the edge device, as all communication is via outbound requests to ensure zero surfaces for attackers.
The edge device uses port 53 to resolve Connect hostnames to communicate with Connect servers.
Connect edge device agent (client-side) and servers (server-side) mainly communicates with HTTPS TLS encryption, as the industry standard.
To make use of Connect accessibility features, make sure that the following domains/IPs are whitelisted:
All Connect Domains
Static IP

Remote Control/Access

Remote accessibility features allow the user to directly connect to the edge's client (device).
All requests are outbound from the device to Connect servers.
In case there are strict network policies, make sure to allow outbound requests as described below.

Remote Control Remote Access

Static IP
Static IP
Will try 22 at first, then 443, then 80.