to select ↑↓ to navigate
Customer Guide

Customer Guide

Open in ChatGPT
Ask ChatGPT about this page
Open in Claude
Ask Claude about this page

What security testing is done?

Security Is a Continuous Process

Modern cloud platforms operate in a constantly evolving threat landscape. New vulnerabilities are discovered regularly in operating systems, application frameworks, and third-party dependencies.

Maintaining security therefore requires a continuous process of identifying, evaluating, and resolving potential weaknesses in the platform.

Frappe Cloud follows a structured vulnerability management process designed to detect and address security risks before they can be exploited.


Vulnerability Sources

Security vulnerabilities can originate from several sources, including:

  • Operating system packages
  • Application frameworks
  • Third-party libraries
  • Infrastructure configuration
  • Application code

Because Frappe Cloud runs a large ecosystem of open-source software, monitoring and addressing vulnerabilities is an ongoing operational responsibility.


Vulnerability Detection

Potential vulnerabilities may be identified through several channels:

  • Internal security reviews
  • Automated dependency monitoring
  • Infrastructure security scanning
  • External security research
  • Responsible disclosure by the community
  • Customer-reported security issues

Open-source software ecosystems often benefit from strong community oversight, which helps surface potential vulnerabilities quickly.


Vulnerability Classification

When a potential vulnerability is identified, it is evaluated based on its severity and potential impact.

Examples include:

  • Low severity – minimal security impact
  • Medium severity – limited exploitability or operational impact
  • High severity – potential compromise of system integrity
  • Critical severity – risk of unauthorized access or data exposure

Security vulnerabilities are treated as high-priority issues and are handled through the platform’s incident management process.


Patch and Remediation Process

Once a vulnerability is confirmed, remediation actions may include:

  • Updating vulnerable software packages
  • Deploying patched versions of dependencies
  • Modifying infrastructure configuration
  • Deploying application fixes

Critical vulnerabilities are prioritized for immediate remediation, while lower severity issues are addressed through scheduled release cycles.

The open-source nature of Frappe Framework and ERPNext allows security fixes to be reviewed, patched, and distributed quickly.


Security Updates and Releases

Software updates are an essential part of maintaining platform security.

Frappe Cloud provides mechanisms to deploy updates across customer environments through controlled upgrade processes.

These updates may include:

  • Framework security patches
  • Dependency updates
  • Infrastructure improvements
  • Platform security enhancements

Customers can apply updates using the upgrade tools provided in the Frappe Cloud dashboard.


Responsible Disclosure

Security researchers and members of the open-source community play an important role in improving platform security.

When vulnerabilities are discovered, responsible disclosure practices encourage researchers to report them privately so that they can be investigated and resolved before public disclosure.

Frappe encourages responsible reporting of security vulnerabilities and investigates such reports promptly.


Security Culture in an Open Ecosystem

Because the Frappe ecosystem is open source, the code powering the platform is publicly visible and auditable.

While this transparency requires careful security practices, it also allows:

  • Independent review by developers
  • Faster identification of issues
  • Community participation in improving security

This collaborative ecosystem contributes to the long-term security and resilience of the platform.


Last updated 2 weeks ago
Was this helpful?
Thanks!