Security

This page outlines Garnet's security posture.

Garnet is built to be secure by design. We take the following measures to ensure security and privacy for our customers:

End-to-end Encryption

  • Garnet's computer systems are encrypted using AES in XTS mode with 128-bit blocks and 256-bit keys.

  • Garnet's platform is end-to-end encrypted in transit using Transport Layer Security (TLS) over HTTPS. This includes our website, web applications, API servers, webhook endpoints and internal tools. We use Amazon as our certificate authority.

  • Sensitive information is additionally encrypted with a private key before it is stored in an encrypted form at rest.

Read-only Access

  • Garnet integrates with your code through a native application on the official GitHub marketplace. The integration process requires you to authenticate securely with GitHub using OAuth2, the industry standard.

  • Garnet only has read-only access to your pull requests, metadata and webhooks. Permissions can be revoked at any time through GitHub.

  • We do not store any of your code or sensitive data in our databases.

Infrastructure

All of Garnet's software services run in the cloud. We don't host or run any physical servers, load balancers or DNS servers.

Our backend services are deployed on Amazon Web Services (AWS) through a robust, multi-regional architecture to ensure high availability and reliability. AWS provides industry-leading security measures to protect our infrastructure and is compliant with most certifications. You can read more about their practices here:

Our frontend services are deployed on Netlify. Netlify employs security measures such as active DDoS mitigation, pen testing, encryption and datacenter security to ensure security and compliance. You can read more on Netlify's security practices here:

Additionally, we use industry-standard practices for secrets management for our machines and people.

Misc

  • As a security company, we take our security posture very seriously. Our team has experience building robust developer and security tools, and has contributed projects to the open-source community such as a developer-friendly secrets manager.

  • We are in the process of obtaining our SOC 2 certification.

  • For enterprise users, Garnet offers features such as SSO integration, audit logs and on-prem deployment. Please contact us if you're interested.

Have questions or feedback? Feel free to reach out to us at [email protected]