We understand your code is extremely important to you and your business. We are trying to be very protective of it and this page describes how we ensure your code is safe. If you have any questions, pleasecontact us.
Last revised on March 31, 2023
Our systems are hosted in data centers managed by Amazon Web Services.
For more information seehttps://aws.amazon.com/security/.
Connection with the DeepScan website is encrypted over HTTPS and all data is always transmitted over SSL. Source code is transmitted over HTTPS and DeepScan (as a static analysis tool) never executes the source code of users.
DeepScan never stores passwords for external applications like GitHub. Integration with external apps is done via OAuth.
After an analysis,we immediately and completely delete user code from our file system.
As of database, we store only a gathered metrics from the code:
Your repositories are cloned into our file system with an HTTPS connection.
Once the analysis is finished,the code is directly deleted from our file system.
We do not encrypt repositories on disk because it would not increase security. The website would need to decrypt the repositories, slowing down operations and response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.
Gathered metrics in database are stored on the server until deleted by the user. You can delete your data at anytime by deleting the repository or by deleting the account itself.
When you delete your project or account, we immediately delete data from our database. Also, we delete webhooks we added to your GitHub repository.
Demo andVS Code extension work with our server.
We store the source content transmitted to the server as a temporary file, and the file is completely deleted right after the inspection. Unlike a normal analysis, we never save a derivative result to the database.
We also provide standalone editor plugins and CLI inDeepScan Enteprise, which require no code transmission.
Have a question or concern about DeepScan security? Pleasecontact us.