As developers, we understand the security of your company's source code is extremely important. This page describes select measures we employ to ensure your code is safe. If you have any questions, please don't hesitate to contact us.
datree's physical infrastructure is hosted and managed within Amazon's data centers and uses Amazon Web Services (AWS) technology. Amazon's data center operations have been accredited under:
For more info, please see: https://aws.amazon.com/security
We use SSL/TLS encryption on our web assets to ensure the highest security and data protection standards. We regularly verify our security certificates and encryption algorithms to keep your data safe.
All sensitive user data is encrypted at rest. We use the industry-standard AES-256 encryption algorithm to encrypt your data in our database. Learn more about Encrypting Amazon RDS Resources and Server-Side Encryption with Amazon S3-Managed Encryption Keys.
Our application infrastructure is based on AWS managed services. AWS is responsible for patching systems supporting the delivery of our services. Learn more about the AWS shared responsibility model.
We keep protected and tested backups of our database with 14-day retention. All backups are encrypted. Learn more about Amazon RDS automatic backups.
Firewalls are used to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly permitted ports and protocols are allowed, based on business requirements. Each system is assigned to a firewall security group based on the system's function. Security groups restrict access to only the ports and protocols required for a system's specific function.
To review Auth0’s security best practices, please see: https://auth0.com/security
Secrets are stored in a secure encrypted store “at rest” and are accessed with an encrypted connection “in motion”. Encryption keys are rotated. Keys are not stored in the code. Learn more about AWS Systems Manager Parameter Store and AWS KMS.
Our platform is built from several micro-services, which are accessible from the outside world through a centralised API Gateway using authentication and authorization mechanisms.
All system access and customer access is logged and tracked for auditing purposes.
We believe that by making our security statement transparent and our status page updated, interested parties will feel more confident about datree’s practices and processes.
We have 24/7 on-call personnel responsible for incident response.
When you sign up for datree, we collect an OAuth token from GitHub, which allows us to request data from the GitHub API on your behalf based on the permissions you have granted. This OAuth token is stored securely in our database and is protected from unauthorized access.
We use this token in the following situations, and under no other circumstances than described below:
Under no circumstances does datree write or modify source code or Git metadata in your GitHub repositories. Source code from your repositories is accessed read-only, for the sole purpose of automatically executing the scans or managing the service hooks on GitHub.
We only manually access your code when you explicitly request it and give your explicit consent, and only to debug and help solve catalog issues.
Other than reading your code component configuration files to populate the catalog with data about code components, people and projects, the only time we access your repository directly is when checking out the source code on one of our scan machines.
Source code is only accessed via HTTPS, using a GitHub token for authentication.
When we finish scanning the repository, we save the repository metadata, code component usage data and organization data. In any case, we don't save a copy of your codebase.
If you find a bug or security issue on our website, please let us know about it immediately by emailing firstname.lastname@example.org (and we will send you a fashionable t-shirt to say thanks!).
If you'd like more detail about our security processes, email email@example.com.