The core Joget platform is fully open source
and publicly available for scrutiny. Open source offers much greater transparency compared to fully proprietary solutions, and allows visibility into the source code and inner workings of the platform.
Each commercial version of the Joget platform is continually audited with Micro Focus Fortify On Demand
static application security scans (SAST) to ensure a 5-star rating before every release. Micro Focus is a multi-year leader in the Gartner Magic Quadrant for Application Security Testing, and is compliant with many security standards including FISMA
, PCI 3.2
, DISA STIG 4.3
. This helps to ensure that critical security concerns like the OWASP Top 10
are taken care of at the platform level.
Best Practice: Leverage commercially supported platform editions that have undergone security hardening and audit. Ensure that the platform is deployed in a secure environment, because if the underlying IT infrastructure is insecure, then the entire system will be vulnerable.
#2 Authentication and Single Sign-On
Joget supports the most popular single sign-on (SSO)
authentication standards such as OpenID Connect
, as well as custom authentication implementations. By allowing users to access multiple applications by using a single login, SSO simplifies identity management, reduces security risks and helps with regulatory compliance.
Best Practice: Enable security enhanced directory features, multi-factor authentication (MFA) and/or single sign-on (SSO) in production environments.