There are several steps we take to help customers precisely manage access to sensitive data in GitClear. See also our source code protection measures and network security pages.


OAuth2 Login & Two-Factor Authentication (2FA)

Access to GitClear is provided through an OAuth2 login at the customer's git provider. We strongly recommend that customers enable two-factor authentication at that provider. Because GitClear delegates authentication entirely to the provider, a 2FA requirement configured there applies equally to logging into GitClear: the two logins are one and the same.


GitClear never requests nor receives the customer's password during the login process; what it receives is an access token issued by the provider, limited to the scopes the customer approved. Access from GitClear to the customer's repositories can be revoked at any time through the git provider's settings, which invalidates that token.
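The exchange described above, written out as an added example (not GitClear's or any provider's code): a hypothetical git provider checks the password and second factor itself and hands back only a one-time code; the relying application turns that code into a token using a per-login `state` value (so a forged callback is rejected) and PKCE (so a stolen code is useless without the verifier), and the provider can revoke the token at any time. All class names, the user "alice", the password and the URLs are constructed for the demo.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def _s256(verifier: str) -> str:
    """PKCE S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class GitProvider:
    """Hypothetical stand-in for the git provider's OAuth2 endpoints.
    It alone holds the user's credential; the client app below never sees it."""

    def __init__(self):
        self._salt = secrets.token_bytes(16)            # constructed sample user "alice"
        self._pw_hash = self._kdf("correct horse")
        self._codes = {}    # code -> (client_id, redirect_uri, code_challenge, user)
        self._tokens = {}   # token -> user; deleting an entry is "revoke in provider settings"

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def authorize(self, query: str, username: str, password: str, second_factor_ok: bool) -> str:
        """The user logs in at the provider (password plus 2FA). On success the
        provider redirects back with a one-time code bound to the client and PKCE."""
        q = {k: v[0] for k, v in parse_qs(query).items()}
        if not (hmac.compare_digest(self._kdf(password), self._pw_hash) and second_factor_ok):
            raise PermissionError("provider login failed")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (q["client_id"], q["redirect_uri"], q["code_challenge"], username)
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, code: str, client_id: str, redirect_uri: str, code_verifier: str) -> str:
        entry = self._codes.pop(code, None)             # codes are single use
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise PermissionError("unknown or replayed code")
        if not hmac.compare_digest(_s256(code_verifier), entry[2]):
            raise PermissionError("PKCE verifier mismatch")
        tok = secrets.token_urlsafe(32)
        self._tokens[tok] = entry[3]
        return tok

    def whoami(self, token: str):
        return self._tokens.get(token)

    def revoke(self, token: str) -> None:
        self._tokens.pop(token, None)


class ClientApp:
    """Stand-in for the relying application (hypothetical names). It keeps a
    per-login state and PKCE verifier, then only the token the provider issues."""
    CLIENT_ID = "example-client"
    REDIRECT = "https://app.example/callback"

    def __init__(self, provider: GitProvider):
        self.provider = provider
        self._pending = {}   # state -> code_verifier

    def start_login(self) -> str:
        state = secrets.token_urlsafe(16)
        verifier = secrets.token_urlsafe(32)           # 43 chars, within PKCE's 43..128
        self._pending[state] = verifier
        return urlencode({"client_id": self.CLIENT_ID, "redirect_uri": self.REDIRECT,
                          "state": state, "code_challenge": _s256(verifier),
                          "code_challenge_method": "S256"})

    def finish_login(self, redirect_url: str) -> str:
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        verifier = self._pending.pop(q.get("state", ""), None)
        if verifier is None:                            # unknown state: drop the login
            raise PermissionError("state mismatch: possible login CSRF")
        return self.provider.token(q["code"], self.CLIENT_ID, self.REDIRECT, verifier)


def demo_login(password: str = "correct horse", second_factor_ok: bool = True):
    """Run the full exchange; returns (provider, token) or raises PermissionError."""
    provider = GitProvider()
    app = ClientApp(provider)
    redirect = provider.authorize(app.start_login(), "alice", password, second_factor_ok)
    return provider, app.finish_login(redirect)
```

The property worth noticing is where the password travels: only into `GitProvider.authorize`. The client app's whole persistent footprint is the token, and `revoke` at the provider is enough to cut it off.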


Permissions

Upon creating a GitClear account, only the customer who performed the import can initially see the data. To collaborate with their team, the admin invites selected users to GitClear (typically via an email invite) at a particular access level, called a "role". The roles available to admins on GitClear are:

Contributor. No access to GitClear. This role exists so the admin can control which contributors' commit activity is shown to team members holding a higher-level role.

Developer. Can view aggregated team reports and their own commit stats (such as their past year of Diff Delta). Cannot view the commit stats of other individual team members, or any report that lists the names of their team members. When viewing the list of other Developers on their team, alphabetical sorting is the only available sort option.

Manager or Lead Developer. Can view aggregated team reports, as well as individual developer reports for any member of their team. Cannot view stats that compare across teams or that compare their team to industry averages.

Executive or Director. Can view aggregated team reports, individual developer reports, and reports that compare team stats to industry averages. Cannot view stats for members of the company whom the admin did not place on their team.

Admin. Controls which users are placed on which teams. By default, the admin is given an "All Contributors" team that contains every contributor across all the repos selected for import.

As a general philosophy, we direct user attention toward learning and discovering instead of comparing, though we do make available selected comparative reports as have been requested by executive customers.
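The role model above, encoded as an added example (not GitClear's own authorization code) to make two design points explicit: access is denied by default, and what a viewer may see is decided by team membership, not by role rank alone, so an Executive is refused a report on someone outside their team while the Admin is not. The role names follow the list above; the user records, the `diff_delta` field and the team names are constructed for the demo.

```python
from dataclasses import dataclass

# Roles as listed above. The numeric order is only a convenient label; none of the
# checks below use "higher rank" as a proxy for "wider scope".
CONTRIBUTOR, DEVELOPER, MANAGER, EXECUTIVE, ADMIN = range(5)


@dataclass(frozen=True)
class User:
    name: str
    role: int
    teams: frozenset  # teams the admin placed this user on (unused for Admin)


def can_view_individual_report(viewer: User, subject: User) -> bool:
    """Deny by default. A viewer sees another person's per-developer report only
    when their role allows individual reports *and* the subject is on one of the
    viewer's teams; role rank alone never widens scope."""
    if viewer.role == CONTRIBUTOR:
        return False                               # no GitClear access at all
    if viewer.role == DEVELOPER:
        return viewer == subject                   # own stats only
    if viewer.role == ADMIN:
        return True                                # "All Contributors" team
    return bool(viewer.teams & subject.teams)      # Manager/Lead, Executive/Director


def can_view_industry_comparison(viewer: User) -> bool:
    return viewer.role in (EXECUTIVE, ADMIN)


def team_roster(viewer: User, members: list, sort_by: str = "name") -> list:
    """Developers may list teammates only alphabetically. A request to sort by a
    metric is refused rather than silently honoured, because the resulting order
    would leak the very per-person stats the Developer role must not see."""
    if viewer.role == CONTRIBUTOR:
        raise PermissionError("no access")
    if viewer.role == DEVELOPER and sort_by != "name":
        raise PermissionError("developers may only sort teammates by name")
    key = (lambda m: m["name"]) if sort_by == "name" else (lambda m: -m[sort_by])
    return [m["name"] for m in sorted(members, key=key)]
```

The `team_roster` check is the kind of detail that is easy to lose: an endpoint that accepts a `sort_by` parameter and merely hides the numbers still reveals their ranking, so the parameter itself has to be gated by role.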


Password and Credential Storage

Access to GitClear's production site is available only through OAuth2 login at a git provider. This means we store no customer passwords at all, and there is no password-reset flow for an attacker to target.


Safeguards used to protect git access tokens are discussed above, in the "Provider Tokens" section.

On Enterprise installations, we also allow login through SAML or email/password. With SAML, authentication is delegated to the customer's identity provider, so no password reaches GitClear. For email/password logins, passwords are never stored in recoverable form: each is hashed with bcrypt, a deliberately slow password-hashing function that incorporates a random per-password salt and an adjustable work factor, and only the resulting hash is kept.
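What "salted, slow hash, never recoverable" looks like in code, as an added example rather than GitClear's implementation. It uses `hashlib.pbkdf2_hmac` from Python's standard library as a stand-in for bcrypt (same shape: random salt, tunable cost, both stored alongside the hash), compares in constant time, and flags records whose cost has fallen below the current setting so they can be rehashed on the next successful login. The record format and work-factor values are this example's own choices.

```python
import base64
import hashlib
import hmac
import os

# pbkdf2_hmac stands in for bcrypt here only because it ships with Python; a
# bcrypt record carries the same ingredients (cost, salt, hash) in its own format.
ALGO = "pbkdf2-sha256"
CURRENT_WORK_FACTOR = 200_000   # iterations; raise over time as hardware improves


def hash_password(password: str, work_factor: int = CURRENT_WORK_FACTOR) -> str:
    """Return a self-describing record 'algo$cost$salt$hash'. The salt is fresh
    per password, so two users with the same password get unrelated records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, work_factor)
    return "$".join([ALGO, str(work_factor),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and cost stored in the record and compare in
    constant time. There is no key anywhere: a leaked record cannot be decrypted,
    only guessed against, at the cost the work factor imposes per guess."""
    try:
        algo, cost, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(cost))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when the stored cost is below today's setting; the login handler
    should call hash_password again right after a successful verify."""
    return int(record.split("$")[1]) < CURRENT_WORK_FACTOR
```

Storing the cost inside the record is what makes raising the work factor safe: old records keep verifying with the cost they were created with, and `needs_rehash` upgrades them one login at a time.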


Uptime

Our systems have uptime of 99% or higher, and we proactively post status updates for production incidents to our Twitter account.


Credit Cards and Payments

Customer payment details (i.e., credit cards) are stored in a secure vault at Stripe. Card details are submitted to Stripe directly, without passing through GitClear servers, by means of a Stripe iframe embedded in the payment form that GitClear hosts; the card number is entered into and posted from that iframe, so GitClear servers never receive it.


Stripe's infrastructure for receiving, storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share credentials with Stripe's primary services.


GitClear has worked with industry-leading security groups such as NCC Group to audit and fortify our security systems. This section describes security steps we've taken that didn't fit into the sections above.


NCC Group Audit

In 2020, GitClear contracted NCC Group, a global cyber security consultancy, to perform a security review of our entire security infrastructure, covering threat prevention, mitigation, and recovery. The assessment was structured around the NIST Cybersecurity Framework (the source of the category codes quoted below, such as ID.BE and PR.AC), scoring GitClear's security posture across more than 100 dimensions.

In the report summary (available upon request), our security measures are described by NCC Group as "above average as compared to the assessments regularly completed by NCC Group." A sampling of the security measures on which GitClear was recognized with a perfect score included "Identify: Business Environment (ID.BE)," "Protect: Access Control (PR.AC)," "Respond: Response Planning (RS.RP)," and "Respond: Analysis (RS.AN)."

We were found to have a security measure "Not in place" on 6 of the 106 security dimensions analyzed in this comprehensive report (about 6%). Those six were:

Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness. We regularly read and review security updates from numerous popular developer sources such as Hacker News. We also subscribe to GitHub's security alerts, which notify us when one of our project dependencies has a published vulnerability warranting an upgrade.

Antivirus software is installed. We use Linux servers secured behind a firewall. These servers don't download and execute code from arbitrary web locations.

Configuration change control processes in place. We use Ansible, so the decisions that shaped our server configuration exist as a versioned history. The NIST assessment seems to pertain specifically to possessing business documentation of configuration control, which would afford no benefit at our current company size.

Third-party stakeholders (e.g., suppliers, customers, partners) know their roles & responsibilities. We have not created an explicit policy for this yet, as it's more convenient to communicate with our small set of stakeholders directly. Small team benefits.

Security awareness training program available for all users. Developer code is audited by PR, and security conversations are a mainstay of our Slack communication; we also have a suite of documentation that describes known security considerations pertaining to specific areas of implementation.

Organizational communication and data flows are mapped. Once our company size reaches 100 we expect to have someone on staff to handle this.


Google Vendor Self-Assessment

GitClear has submitted and passed Google's Vendor Security Assessment Questionnaire (VSAQ), which measures almost 100 different dimensions of application security. A copy of our completed VSAQ is available upon request.


Data Access Policy

Our policy is that no employee shall access customer data without the explicit permission granted via Settings -> "Allow GitClear employees to access data."


Pentest and Threat Scanning

We partner with a security services vendor to perform annual automated vulnerability scanning of the GitClear website. Most recently, the WAS Web Application Report was used to assess GitClear's susceptibility to attack under thousands of sustained requests spanning several hours. The report found no significant security vulnerabilities in GitClear's infrastructure.