Security

Last modified June 27, 2018

Sider staff doesn't read your code

In the normal course of events, Sider staff will never read your code. Occasionally, you might ask us for support or to look into a problem you are experiencing; in that case, it would be helpful for our engineers to read your code. We will only do this if explicitly granted permission to do so as part of a support request, and will never do it otherwise. Outside of a support context, no one will read your code.

Our security model

When we run your analysis, we run it in a container, meaning you are unable to access another customer's code, and they are unable to access yours. When processing ends, the container used by the analysis is deleted. It is not possible to access a container from the internet at large.

GitHub authorization

To run an analysis, we need to check out your code from GitHub. When you sign up for Sider, you are notifying GitHub that you are authorizing us to check out your public/private repositories. You may revoke this permission at any time through your GitHub application settings page and by removing Sider's Deploy Keys and Service Hooks from your repositories' Admin pages.

Partners with access to your source code

Sider is built on the Amazon EC2 service. If Amazon Web Services becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Amazon's Security Center discusses their security in detail.

Feedback

We take security incredibly seriously. If you have any suggestions or concerns regarding our security policy, please contact us at security@sider.review. We will act immediately to deal with the issue.