
Automated code Review: Is your IP safe


At Codegrip, we take all necessary technical and organizational security measures to protect personal data from loss and misuse. On sign up, Codegrip requests permission to access all public repository data. 

User data and platform security is a priority within Codegrip. Codegrip does not process your personal information and is also GDPR compliant, as mentioned in our privacy policy. Our policy is in line with the best in the industry, like Slack and Jira. Codegrip asks for specific permissions with unique access tokens, and only on the user’s approval can Codegrip connect to the repositories. We use OAuth 2.0 to connect with your source control. OAuth 2.0 is a protocol that lets your app request authorization to private details in a user’s account without getting their password.

Just like your source control, your Codegrip account, too, has role-based access control that allows you to define roles and permissions to access the platform. 


Codegrip security architecture in detail:-

When you analyze your projects, we access your code from your source control and clone it onto our AWS VPC servers, which have no internet connectivity. These private servers are used to analyze your projects, making each analysis an event isolated from the rest of the system. The analysis is mapped to your project and encrypted with super-fast algorithms, separately for every single project. The encrypted analysis is saved to a secure server location. As soon as the analysis completes, the private server is destroyed along with the cloned data. The mapped and encrypted analysis is replaced with a new one each time your project is analyzed, so that you always view the latest results. This analysis is inaccessible to anyone except you. All of your code that ever touches our servers is used only for your analysis and is automatically deleted afterwards. If at any time you need to remove your repo from Codegrip, you can delete the repository from the settings section.

Our servers are hosted on AWS in the USA region, and they get erased and rebuilt multiple times a day. All data held in RDS databases is fully encrypted, including all third-party tokens that we use to interact with your code repository.
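The two paragraphs above describe a per-project encrypted analysis record that is bound to one project, replaced on every re-analysis, and removed when the repository is deleted. The following Go program is an added illustration of that storage pattern using envelope encryption, and is not Codegrip's own code: a hypothetical in-memory `Store` stands in for the secure server location, and a locally generated `masterKey` stands in for the KMS-held master key (in a real deployment the wrap and unwrap calls would go to KMS and the master key would never be in process memory). The project ID is used as AES-GCM associated data so that a record copied under another project's ID fails authentication instead of decrypting.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// masterKey stands in for the KMS customer master key (assumption: generated
// locally so the example runs offline; a real master key stays inside the HSM).
var masterKey = make([]byte, 32)

func init() {
	if _, err := rand.Read(masterKey); err != nil {
		panic(err)
	}
}

// EncryptedAnalysis is the only thing written to storage: the analysis under a
// fresh per-analysis data key, and that data key wrapped under the master key.
type EncryptedAnalysis struct {
	WrappedDataKey []byte // AES-GCM(masterKey, dataKey), nonce prepended
	Ciphertext     []byte // AES-GCM(dataKey, analysis), nonce prepended
}

// seal encrypts plaintext with AES-256-GCM, binding it to aad, and prepends the nonce.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; a wrong key, tampered ciphertext or wrong aad all fail the tag check.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// Store holds at most one encrypted analysis per project ID (hypothetical
// stand-in for the secure server location); saving again replaces the old record.
type Store map[string]EncryptedAnalysis

// SaveAnalysis encrypts a finished analysis under a fresh data key and stores it
// mapped to projectID, replacing any earlier analysis for that project.
func (s Store) SaveAnalysis(projectID string, analysis []byte) error {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return err
	}
	aad := []byte(projectID) // binds both layers to this project
	ct, err := seal(dataKey, analysis, aad)
	if err != nil {
		return err
	}
	wrapped, err := seal(masterKey, dataKey, aad)
	if err != nil {
		return err
	}
	for i := range dataKey { // plaintext data key is not needed once wrapped
		dataKey[i] = 0
	}
	s[projectID] = EncryptedAnalysis{WrappedDataKey: wrapped, Ciphertext: ct}
	return nil
}

// LoadAnalysis unwraps the data key for projectID and returns the decrypted analysis.
func (s Store) LoadAnalysis(projectID string) ([]byte, error) {
	rec, ok := s[projectID]
	if !ok {
		return nil, errors.New("no analysis stored for project")
	}
	aad := []byte(projectID)
	dataKey, err := open(masterKey, rec.WrappedDataKey, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	defer func() {
		for i := range dataKey {
			dataKey[i] = 0
		}
	}()
	return open(dataKey, rec.Ciphertext, aad)
}

// DeleteProject drops the stored analysis, the "remove your repo" path from the text.
func (s Store) DeleteProject(projectID string) { delete(s, projectID) }

func main() {
	store := Store{}
	// Constructed sample analysis results for one project, analyzed twice.
	_ = store.SaveAnalysis("proj-42", []byte("run 1: 3 issues"))
	_ = store.SaveAnalysis("proj-42", []byte("run 2: 1 issue"))
	got, err := store.LoadAnalysis("proj-42")
	fmt.Printf("latest analysis: %q err=%v records=%d\n", got, err, len(store))
	// A record copied under another project's ID does not decrypt.
	store["proj-99"] = store["proj-42"]
	_, err = store.LoadAnalysis("proj-99")
	fmt.Println("cross-project read:", err)
}
```

Each re-analysis gets a new data key and a new nonce, so the old ciphertext is superseded rather than re-used, and deleting the project removes the only record that could ever be unwrapped.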


Fig:- Codegrip interaction with various technologies.

Codegrip Security features against the competition.

Code review tools address security concerns by adopting various technologies in their products. For example, Codacy analyses projects in independent Docker containers without any network access, and SonarCloud integrates directly with various CI service providers to analyze repositories. Codegrip saw an opportunity to address a significant concern of code security.

At Codegrip, we’re combining various technologies like AWS VPC and AWS KMS, a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2. We have taken extra care to follow all the security standards put out by OWASP Top 10 and SANS Top 25, which allowed us to make our platform and all the interactions much more secure. The whole platform goes through automated security scans and custom checks to detect and repel any attempts to get into our systems.

If you have any questions, you can simply reach us at team@codegrip.tech
