Atlan adheres to strict security standards for the browser extension. Atlan mandates security throughout the extension coding lifecycle:
- Hardening configurations through content security policies,
- Validating all inputs,
- Requiring least privileges,
- Employing defense-in-depth techniques like code obfuscation to frustrate reverse engineering,
- Accessing customer resources over secure HTTPS channels after SSL certificate verification to prevent tampering.
Atlan follows proven CI/CD methodologies used for our SaaS application, enabling rapid and frequent updates to Atlan's Chrome extension. This allows:
- Patching identified vulnerabilities faster through new releases while simultaneously upholding stability.
- Mandatory code reviews specifically focused on analyzing security to help with identifying issues before these can impact customers.
Once ready, both static and dynamic scanning tools rigorously test the extension codebase for any weaknesses before distribution. Atlan is committed to transparency. If any post-deployment points of concern arise, Atlan will notify impacted customers promptly and address their concerns responsibly.
By incorporating security into each phase — secure architecture, peer reviews, robust testing, and responsible disclosure — Atlan strives to build browser extensions with both user needs and enterprise risks top of mind. Reach out to Atlan support for any questions.