We take security very seriously at Shieldfy, so we go the extra mile to make sure our service is secure, reliable and worth your trust.
Shieldfy is hosted in secure-by-design Amazon Web Services facilities that continually manage risk and undergo recurring assessments to ensure compliance with industry standards. This includes independent policies for physical access, monitoring & logging, surveillance & detection, device management, operational support systems, infrastructure maintenance, and governance & risk. For more information on the AWS physical security processes, click here
Shieldfy infrastructure is distributed over different technologies. For system installation we use a hardened, patched OS with dedicated firewall and VPN services that help block unauthorized access. We follow industry security standards to manage and deploy our services, including container and microservices security as well as lambda security standards.
All private data to and from Shieldfy is transmitted over SSL. All communication with the repository is done over SSH authenticated with keys, or via HTTPS using your Shieldfy access token.
We don't store your source code anywhere. When we analyze your source code, it is only downloaded to a virtual container and is deleted with the container instantly after the analysis is completed. The only data that is stored is the result of the analysis, which contains information about the vulnerabilities you have, and it is fully encrypted in the database.
Passwords in Shieldfy are salted and hashed by one-direction encryption scripts. We do not store user passwords. Access tokens used in communications with the repository are salted and encrypted with two-direction encryption scripts and kept in this form in the database.
If you decide to upgrade your account, we’ll ask you for the details of your credit card. We do not store this information on our servers: we use Stripe Inc., which is level-1 PCI compliant.
Our employees never access private vulnerability information unless it is required for support reasons and approved with your consent.
Most employees have no access to the Shieldfy production environment.
The people who do have access to production don't access your code or your repositories, or read your vulnerability information.
On rare occasions, at your explicit request, we may need to pull a clone of your code; however, this will only be done upon your approval.
All Shieldfy employees are trained in security compliance and are subject to privacy agreements. New employees follow a structured onboarding process to get familiar with tools, processes, systems, policies, and procedures.
As we said, we take security very seriously, and we try to publish and notify our customers immediately of any security incident that happens and how it affects their accounts and privacy.
In case you’ve found a security vulnerability, please see our Responsible Disclosure Policy