• Camunda Receives SOC 2 Type 1 Certification

    Camunda has received a clean SOC 2 Type 1 attestation report. This is a rigorous, independent assessment of our internal security controls.

    Read more
  • Securing Camunda 8 self-managed cluster and applications...

    Directory services are an effective way to manage an organization’s users, groups, printers, devices, and more. Most organizations accomplish this using Active Directory, Apache Directory, Oracle Internet Directory, or other similar tools. Recently I worked with a customer who wanted to see how he could secure the Camunda 8 Platform and process applications with such a directory. Their requirements consisted of: Allowing Directory users to access Camunda applications (Tasklist, Operate, Optimize) Accessing secured Tasklist & Operate APIs from our custom project Securing the custom project In this article, I’ll briefly explain the 3 easy steps taken to fulfill their requirements which include: Federate users from the Directory service into Keycloak Declare an application in Identity to access Camunda APIs Configure...

    Read more
  • Reporting Security Issues

    Maintaining the security of Camunda BPM is an important task for us. In our documentation, we have published our Security Policy which explains how we deal with security issues. Besides our proactive efforts, it is very valuable to us when we get feedback by the community about security issues which may exist in Camunda itself (or much more commonly) in one of the libraries and dependencies we are using. When you report security issues, we can investigate them, assess their impact on different usage scenarios, provide fixes and publish a security notice. To give you an example: In January, Kai Ullrich from Code White approached us and reported that using Camunda’s API, it is possible, once authenticated, to submit a...

    Read more

Ready to get started?

Still have questions?