Trust Center


Overview

Grafana Labs is committed to maintaining the highest standards of data privacy and security. By implementing industry-standard security technologies and procedures, we help protect our customers’ data from unauthorized access, use, or disclosure.

Compliance

CSA STAR
FIPS 140-2
GDPR
ISO 22301
ISO 27001
ISO 27001 SoA
Microsoft SSPA
PCI DSS
SOC 2

Network Diagram
Pentest Report
GDPR
ISO 22301
ISO 27001
ISO 27001 SoA
PCI DSS
SOC 2
HECVAT Full
SIG Lite
VSA Core
Private Data Source Connect
Data Access
Logging
Password Security
BC/DR
Access Control Policy
All Related Policies
Asset Management Policy
Business Continuity Policy
Data Classification Policy
Data Security Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Password Policy
Risk Management Policy
Software Development Lifecycle
Third Party Personnel Policy
Code of Conduct

Risk Profile

Data Access Level: Internal
Impact Level: Substantial
Critical Dependence: Yes

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
Pentest Report
Software Bill of Materials (SBoM)

Self-Assessments

CAIQ
HECVAT Full
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Code Analysis
Credential Management

Data Privacy

Cookies
Data Breach Notifications

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Data Loss Prevention
Firewall
Spoofing Protection

Corporate Security

Email Protection
Employee Training
HR Security

Policies

Access Control Policy
All Related Policies
Anti-Malicious Software Policy

Security Grades

CryptCheck
Grafana.com
HSTS Preload List
grafana.com
ImmuniWeb
Grafana
A-

Trust Center Updates

Vulnerability - Ivanti Connect Secure and/or Ivanti Policy Secure Gateway products

Vulnerabilities

Grafana Labs does not utilize the Ivanti Connect Secure and/or Ivanti Policy Secure Gateway products in our environment.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.


Vulnerability - MOVEit

Vulnerabilities

Grafana Labs is not Impacted by MOVEit Vulnerabilities

The security team at Grafana Labs has become aware of the news surrounding a high-impact MOVEit vulnerability.

We want our users to know that Grafana Labs has not been impacted by this vulnerability, including from our subprocessors online.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.


Vulnerability - OpenSSL Information

Incidents

How the OpenSSL vulnerability affects Grafana Labs

November 2, 2022

OpenSSL have released details for CVE-2022-3786 and CVE-2022-3602 in OpenSSL v3.x, with impact assessed by OpenSSL as HIGH. In response, Grafana Labs has reviewed our projects and products, and here is what we found.

How it affects Grafana binary releases, including Grafana Agent

The majority of Grafana Labs’ core software is written in Go and relies on Go’s built-in TLS implementation. This implementation is independent of OpenSSL and does not contain the same vulnerabilities. As such, the binary releases of Grafana, Grafana Agent, Grafana Tempo, Grafana Loki, and Grafana Mimir are not impacted by these OpenSSL CVEs.

How it affects Grafana Cloud

In Grafana Cloud, we rely upon Cloud providers and off-the-shelf software rather than implementing SSL/TLS within our own software. We have confirmed that our Cloud platforms are protected by non-impacted or appropriately patched SSL/TLS implementations.

How it affects containerized releases (Grafana Agent, Grafana Enterprise, and containerized OSS packages)

In many cases, we also offer containerized releases of our software. These releases may contain vulnerable versions of OpenSSL, but we do not have any evidence to indicate that they are vulnerable to remote code execution as a result of these vulnerabilities. We will release updated versions imminently.

All Grafana Labs packages containing potentially vulnerable OpenSSL dependencies will be patched and new releases will be made public as upstream patches become available.

Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs’ open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

Security announcements

We maintain a security category (https://grafana.com/tags/security/?pg=blog&plcmt=body-txt) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our RSS feed (https://grafana.com/tags/security/index.xml) for updates.


If you think you may have discovered a vulnerability, please send us a note.
