The security of your code is of paramount importance to us. As software vendors and experienced practitioners ourselves, we understand the need for isolation and security for multiple reasons: to secure your codebase and also to ensure a uniform quality of service to all our customers. We protect your code with the same seriousness with which we would protect our own code from unauthorized access. The following document should help you understand the steps and measures we take to secure your resources in our ecosystem.
Access to GitHub
There are two reasons we would access GitHub on your behalf.
- Authenticate you when you visit our website. This communication happens over HTTPS and is secured by the mechanisms of that protocol. We do not ever acquire your GitHub credentials, merely the right to access data on your behalf.
- Fetch code changes into our system when we are notified of changes. We pull the code from GitHub over SSH using secure keys we automatically generate and upload for you when you initially provision the build. Thus, all your code is brought into our environment securely.
The authentication protocol we use is OAuth. OAuth scopes let us specify what access we need from GitHub. Specifically, we ask for user (read/write access to user profile info only) and repo (read/write access to public and private repos and organizations) access. This does not let us delete the repositories.
At any point in time, you may log in to GitHub and revoke all rights you have granted to Snap CI. This includes the certificates that Snap has uploaded to facilitate the pulling of code.
Your code on our service
Our service runs on Amazon AWS. Your project ecosystem consists of:
- a build server
- one or more build agents
Our aim is to provide your project ecosystem with a high degree of isolation for both security and stability reasons. To this end, the server, agent(s) and the worker all live in isolated virtual environments (commonly referred to as containers). Each of these self-contained project-specific environments is in its own Virtual LAN and serves to isolate your processes, memory, file system and network from all other environments and other areas of the host system.
In addition to isolating individual projects from each other, our entire service lives inside a virtual private cloud inside Amazon's AWS. All the servers on which we provision your builds and other builds are isolated into this private cloud and are inaccessible from other machines and services hosted on AWS. Firewall configurations restrict traffic in and out of our private cloud.
When you initially set up a build (and subsequently, on every change we get notified of), we will pull your code and store it on the project-specific environment we set up for your project.
A copy of your code will exist on the build server and build agent(s) for as long as you have a build configured with us. We destroy your entire project ecosystem (and all clones of your code, along with that) as soon as you stop using our service. Build artifacts such as archived logs might take a little longer to get deleted, but they are also deleted, so you can be confident that none of your project information is retained for longer than a few minutes to a few hours after you stop using our service.
We also regularly update and apply all critical security patches and updates to all our servers and ensure that known vulnerabilities are mitigated or eliminated.
Lastly, we will never attempt to access your code inside the production environment, unless it is with your explicit consent, and only to help you with a bug or issue you are having with our service.
In addition to us providing security at the level of our service, you can also refer to Amazon's AWS security policy around their infrastructure provisioning here: http://aws.amazon.com/security.
Access to our website
Your access to our website will happen over a secure channel and any communication between your browser and the dashboard will be secure.
We will, by default, transmit build-related notifications over the most secure option available. In the event that there are multiple options, not all of which are equally secure, we will let you pick the option(s) you would like to enable for your team.