codigy


Security policy

We take security seriously and welcome any feedback or reporting of security issues. This page contains a summary of all measures we employ to ensure the safety of your code:

  1. Secure access & communications
  2. Integration via Bitbucket: Full code base is never stored on Codigy servers
  3. Integration via SSH key
  4. Access to your information
  5. Reporting a security concern

1. Secure access

1.1 OAuth & API access
Codigy never collects or stores passwords for external applications such as GitHub, Bitbucket, GitLab, and Google.

Account access and integrations are done via OAuth or API keys.

2. Integration via Bitbucket: Full code base is never stored on Codigy servers

2.1 Encrypted connections

All access to the Codigy website, as well as source code retrieval for Bitbucket, is restricted to HTTPS-encrypted connections.

2.2 One-by-one analysis
Commits from your repositories are downloaded and analyzed one by one.

2.3 Commit source code is deleted within 1 hour
After a commit is analyzed, Codigy keeps the metadata and erases the commit source code within 1 hour.

2.4 No source code in long-term storage

Further analysis is based on meta information that Codigy stores until the account is deleted upon the Account owner's request:

This meta information is needed to provide essential services and can only be deleted if the Account owner chooses to close the account and discontinue the Codigy subscription.

 

2.5 Recalculation in case of algorithm changes

If the Codigy algorithm changes significantly or a new feature is introduced, Codigy will repeat the procedure described in 2.1 and 2.2.
 
At no point during the service period is your entire code base present on Codigy servers.

3. Integration via SSH key

3.1 Repositories are cloned and stored on Codigy server
If integration with the Codigy service is done via SSH key, it is impossible to receive commits one by one, so all repositories are cloned and stored on Codigy servers.

3.2 Full deletion upon request

As this information is needed to provide essential services, it can only be deleted if the Account owner chooses to close the account and discontinue the Codigy subscription.

4. Access to your information

4.1 Codigy staff will not access private source code unless required for support reasons.

This can happen if:

4.2 In cases where staff must access source code in order to perform support, we will get your explicit consent each time, except when responding to a critical security issue.

4.3 While resolving a support case we do our best to respect your privacy as much as possible. Codigy staff will only access the minimum files and information needed to resolve your issue. Staff does not have direct access to clone your repository.

5. Reporting a security concern

5.1 Your input and feedback on our security is always appreciated. If you've discovered a security concern, please email us at security@codi.gy. We'll work to understand and resolve the issue.

5.2 White hat researchers are always appreciated, and we won't take legal action against you if you respect our users' privacy and data security and inform us of your findings.


2020 Code analytics software | Codigy. All Rights Reserved, Menkė, MB ©