We understand your code is extremely important to you and your business. We are trying to be very protective of it and this page describes how we ensure your code is safe. If you have any questions, please contact us.
Last revised on Dec 20, 2017
Our systems are hosted in data centers managed by Amazon Web Services.
For more information see https://aws.amazon.com/security/.
System and Operational Security
- Systems access logged and tracked for auditing purposes
- Firewall to help block unauthorized system access
Connection with the DeepScan website is encrypted over HTTPS and all data is always transmitted over SSL. Source code is transmitted over HTTPS and DeepScan (as a static analysis tool) never executes the source code of users.
DeepScan never stores passwords for external applications like GitHub. Integration with external apps is done via OAuth.
After an analysis, we immediately and completely delete user code from our file system.
As of database, we store only a gathered metrics from the code:
- Grade, current merged issues for the project, detected issues for each analysis, issue statuses
- An issue mainly includes impact, message, location, and code fragment
Your repositories are cloned into our file system with a HTTPS connection.
Once the analysis is finished, the code is directly deleted from our file system.
Like GitHub.com, we do not encrypt repositories on disk because it would not increase security. The website would need to decrypt the repositories, slowing down operations and response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.
Repository data (user code) is stored on the server until deleted by the user. You can delete your data at anytime by deleting the repository or by deleting the account itself.
When you delete your project or account, we immediately delete user code from the file system, data from a database, and a webhook we added to your GitHub repository.
Demo and editor plugins
Demo and current editor plugins (VS Code and Atom) work with our server.
We store the source content transmitted to the server as a temporary file, and the file is completely deleted right after the inspection. Unlike a normal analysis, we never preserve a file nor do we save a derivative result to the database.
We are also developing editor plugins and CLI that embed our analysis engine and require no code transmission.
Have a question or concern about DeepScan security? Please contact us.