Security at GuardRails
This page provides an overview of the security measures taken by GuardRails to protect source code, vulnerability data and user data hosted on our platform from unauthorized access. Where relevant, we include links to security guidelines and resources developed by third parties.
GuardRails is using GoogleCloud to provide its services. All data is stored encrypted at rest and continuously backed up to an offsite backup storage.
Google's data centers employ a set of advanced physical, network and software security measures to ensure integrity and safety of customers’ data. Among others, these measures include:
- Secure access: Data transferred between GuardRails servers and GitHubs facilities is secured via SSL endpoints using the HTTPS protocol.
- Multi-factor authentication: Use of multi-factor authentication is enforced for all services used by GuardRails thus reducing the risk of unauthorized access.
Source code under test is only stored for the duration of the security sans. After the scans have completed the source code repository is deleted immediately.
GuardRails uses a secure channel using 256-bit SSL (Secure Socket Layers) encryption, the standard for secure Internet connections for all the traffic between desktop clients, mobile devices and our servers as well. All SSL termination points are hardened to provide highest levels of security.
GuardRails uses Let's Encrypt certificates to ensure untampered and short lived certificates.
We encourage responsible reporting of security vulnerabilities and software bugs. In the case that you found a vulnerability, please report it to firstname.lastname@example.org and abstain from publicly announcing it before it is fixed. Please note that we discourage attempts to gain illegitimate access to another user's account or data, compromise the reliability and/or integrity of our services, and use of automated tools to find vulnerabilities.
Our community plays an important role in helping us stay bug-free and secure.