Security

Local installation

JOSF is a local installed application which doesn’t collect and send analyitics to any external parties, including Cerios. All files that are created by JOSF are stored locally.

JOSF has three connections to external parties:

1. A controlled connection is made to the internet to download the required webdrivers. These webdrivers are essential for performing automated tasks, such as controlling browsers. This can be turned off when you don’t want JOSF to make a connection to a third party. Read this article how you can turn it off and upload web drivers manually.
2. It is possible to work as a team on JOSF projects. If enabled, a controlled connection is established with your GIT repository. Read this article if you want to know more about team collobration in JOSF.
3. JOSF makes one outbound request to retrieve dashboard images and logos. This is used to display seasonal visuals (such as Christmas images) or updated branding after a new release.The backend retrieves these images from the following endpoint:
   https://www.josf.nl/media/images/seasonal/
   The request includes the running JOSF version to ensure the correct image is served.
   If you want to block this request entirely, you can adjust the config.json file and add the following setting:
   "allowSeasonImages": false
   With this option disabled, JOSF will no longer make outbound requests for seasonal or dashboard imagery.

Server installation

The JOSF server installation will be installed in your own (cloud) environment. It has the same connections as the local installation.

Signed software

JOSF is signed with an Extended Validation (EV) Code certificate to ensure security and trust. By digitally signing its software, JOSF guarantees that it originates from a verified source and remains untampered during distribution, providing users with confidence in its authenticity and integrity. The name of the signer is Valori Quality Assurance & Testing B.V. and is issued by Sectigo.