Security
Data security is of utmost importance to JFrog Connect. We invest heavily in securing our infrastructure in close partnership with world-class security experts.
At JFrog Connect, we take the privacy, security and integrity of your data seriously. We adhere to industry standards and comply with relevant security and safety regulations to ensure the security of your data. We are also dedicated to enabling you to comply with your own internal security policies.

Data centers and main subcontractors

To provide the best user experience, we only engage top-tier vendors dedicated to privacy and security values and standards, including the largest cloud hosts and service providers in the market. Our vendors apply various controls to secure data including the use of secured data centers and compliance with the strictest certifications and accreditations.
Connect R&D team is working closely with Amazon web services (AWS) engineers experts department to provide the best in-class cloud solution with the latest security compliance available.

JFrog Connect cloud architecture

Connect servers, databases, storage and cloud environment are all based on AWS products with AES-256 encryption and live zone fallback. combined with an extra layer of security: a separate isolated Amazon Virtual Private Cloud (Amazon VPC ).

Network architecture and ports

Connect edge Agent is based on client-server architecture, with no open ports or running servers on the edge device, to ensure zero-surface for attackers.
Port
Protocol
Description
53
UDP
The edge device uses port 53 to resolve Connect hostnames to communicate with Connect servers.
443
TCP
Connect edge device agent (client-side) and servers (server-side) only communicate with HTTPS TLS encryption, as the industry standard.
All Connect Domains
Static IP
api.connect.jfrog.io
3.127.6.122 35.159.42.141
connect.jfrog.io
3.127.6.122 35.159.42.141
remote.connect.jfrog.io
3.66.25.214
forwarding.connect.jfrog.io
18.158.25.22

User login authentication

Connect uses OAuth 2—An authorization standard that provides secure access to resources of the end-user. It specifies a process allowing third-party access to resources, but without the end-user having to share their credentials. This is commonly used to log into applications using Google, Twitter, and Facebook accounts.

Two-factor authentication

Connect provides Two-factor authentication - an extra layer of security for your Connect account designed to ensure that you're the only person who can access your account, even if someone knows your password.