
Automated Code Review: Is Your IP Safe?


At Codegrip, we take all necessary technical and organizational security measures to make your IP safe and protected. On sign-up, Codegrip requests permission to access all public repository data to automate your code review.

User data and platform security are a priority within Codegrip. Codegrip does not process your personal information and is also GDPR-compliant, as mentioned in our privacy policy. Our policy is in line with the best in the industry, like Slack and Jira.

Codegrip asks for specific permissions with unique access tokens. We connect to your repositories only with the user's approval. Codegrip uses OAuth 2.0 to connect with your source control. OAuth 2.0 is a protocol that lets an app request authorization to access private details.

Just like your source control, your Codegrip account has role-based access control that allows you to define roles and permissions for access to the platform. Below, we discuss the measures that keep your IP safe and protected.

 

Codegrip security architecture in detail

When you analyze your projects, we access your code from your source control and clone it onto our AWS VPC servers. Private servers convert these analyses into isolated events.

Superfast algorithms map the analysis to your projects and encrypt it. The encrypted analysis is saved to a secure server location. As soon as the analysis completes, the private server location is destroyed along with the cloned data.


The mapped and encrypted analysis is replaced with a new one each time your project is analyzed, so that the user can view the latest results for their analysis. This analysis is inaccessible to anyone except you. All of your code that ever touches our servers is used only for your analysis and is deleted automatically. If at any time you need to remove your repo from Codegrip, you can delete the repository from the settings section.

Our servers are hosted by Amazon Web Services (AWS), which is based in the United States. This includes all third-party tokens that we use to interact with your code repository.


Fig: Codegrip security architecture. Codegrip interaction with various technologies.

Codegrip security features against the competition

Code review tools address security concerns by adopting various technologies in their products. For example, Codacy analyzes projects in independent Docker containers without any network access, and SonarCloud integrates directly with various CI service providers to analyze repositories. In solving this, we saw an opportunity to address a significant concern of code security.

At Codegrip, we’re combining various technologies like AWS VPC and AWS KMS, a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2. We have taken extra care to follow all the security standards put out by OWASP Top 10 and SANS Top 25, which allowed us to make our platform and all the interactions much more secure.

The whole platform goes through automated security scans and custom checks to detect and repel any attempts to get into our systems. We make sure that Codegrip takes all necessary technical and organizational security measures to make your IP safe and protected.

If you have any questions we can answer, you can reach us at team@codegrip.tech.
