Sleeek is a service that requires access to customers' Git repositories hosted on GitHub and GitLab, and collects data from them for analysis in order to gain insights into the code. Keeping your source code as secure as possible, with multiple layers of security controls, is our highest priority.
Built with industry-best security practices
All traffic protected by HTTPS (TLS) with 256-bit encryption
Servers accessible only via SSH key pairs
Servers accessible only from Sleeek Offices (Osaki, Tokyo and Irvine, CA)
Servers accessible only by Sleeek dev/ops team members
Regularly scheduled server security audits by a network security specialist
Regularly scheduled server security audits using:
AWS Trusted Advisor (https://aws.amazon.com/jp/premiumsupport/trustedadvisor/)
IBM Application Security on Cloud
Secured storage footprint
We encrypt code before storing it on our cloud servers
Storage itself uses Amazon EBS Encryption
The analysis servers and storage servers cannot be accessed by any person, including Sleeek developers
When a repository is de-registered, the related data is purged
All data is promptly removed if you terminate the service
Your account is not shared with others
Why do you need write access to my repos?
For GitHub, we need only read access to the entire repository to enable our code analysis. Please refer to the GitHub App permissions listed below.
GitLab's API access scopes, on the other hand, do not distinguish between "read" and "write" access to the API. So even though we only read data from your commit diffs, we have to request the full "api" scope to read it (the "read_repository" scope only lets us clone repositories, which we do not do).
What do you do with each of the authorizations you ask for?
GitHub App permissions:
"Read-only" permission on "administration" for Repository
"Read-only" permission on "contents" for Repository
"Read-only" permission on "issues"
"Read-only" permission on "repository metadata"
"Read-only" permission on "pull requests"
"Read-only" permission on "single file"
"Read-only" permission on "statuses" for Commit
"Read-only" permission on "members" for Organization
GitLab token scopes:
"api" grants complete access to the API and Container Registry (read/write) (introduced in GitLab 8.15). Required for accessing Git repositories over HTTP when 2FA is enabled.
"read_repository" allows read access (pull) to the repository through git clone.
These authorization scopes are fairly broad and cannot be constrained to specific actions, so the following is a commitment on our part rather than a restriction enforced by the platform: we will never create pull requests, merge pull requests, or delete branches without your explicit approval. See GitHub's documentation on GitHub App permissions and GitLab's documentation on token scopes for details. You can revoke all of these permissions at any time from the Authorized GitHub Apps and Installed GitHub Apps settings pages on GitHub, or from the Applications page on GitLab, but doing so may result in an interruption of service.
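Because the GitHub side of the grant can be checked independently of what any vendor says, here is an added example (not Sleeek's code) that audits an installed GitHub App's granted permissions against the read-only set listed above. The installation record is a constructed sample in the shape of one entry from the `installations` array returned by GitHub's `GET /user/installations` endpoint (for example, saved from `gh api /user/installations`); the app slug and the extra "workflows" permission are made up so that the audit has something to flag. It reports permissions that were never asked for, permissions granted at a higher level than expected, and expected permissions that are missing.

```python
import json

# Permissions this page lists for the GitHub App, all at "read" level.
# Key names follow the GitHub REST API's `permissions` object.
EXPECTED_PERMISSIONS = {
    "administration": "read",
    "contents": "read",
    "issues": "read",
    "metadata": "read",
    "pull_requests": "read",
    "single_file": "read",
    "statuses": "read",
    "members": "read",
}

# Constructed sample (not a real API response): one installation record in
# the shape GitHub returns inside `GET /user/installations`. The app slug is
# invented, and a "workflows": "write" entry is deliberately included so the
# audit has something to flag.
SAMPLE_INSTALLATION_JSON = """{
  "id": 1,
  "app_slug": "example-code-analysis-app",
  "permissions": {
    "administration": "read",
    "contents": "read",
    "issues": "read",
    "metadata": "read",
    "pull_requests": "read",
    "single_file": "read",
    "statuses": "read",
    "members": "read",
    "workflows": "write"
  }
}"""

# Ordering of GitHub permission levels, so "write" counts as more than "read".
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_permissions(installation, expected=EXPECTED_PERMISSIONS):
    """Compare an installation's granted permissions with the expected map.

    Returns a sorted list of human-readable findings; an empty list means the
    grant is exactly what was expected. Three things are flagged:
      - a permission that was granted but never asked for,
      - a permission granted at a higher level than expected (write vs read),
      - an expected permission that is absent (the app will malfunction, which
        is worth knowing before it is blamed on something else).
    """
    findings = []
    granted = installation.get("permissions", {})
    for name, level in granted.items():
        if name not in expected:
            findings.append(f"unexpected permission: {name}={level}")
        elif LEVEL.get(level, 99) > LEVEL[expected[name]]:
            findings.append(
                f"excessive level: {name}={level} (expected {expected[name]})"
            )
    for name in set(expected) - set(granted):
        findings.append(f"expected permission missing: {name}")
    return sorted(findings)


def audit_installation_json(text, expected=EXPECTED_PERMISSIONS):
    """Parse one JSON installation record and audit it."""
    return audit_permissions(json.loads(text), expected)


if __name__ == "__main__":
    for finding in audit_installation_json(SAMPLE_INSTALLATION_JSON):
        print(finding)
```

Run against a real installation record, a non-empty result is the list of things to raise with the vendor or to revoke from the Installed GitHub Apps page. The same check does not help on GitLab: a token with the "api" scope carries read/write access to everything, so there the only verifiable facts are which scopes the token has and whether it still exists.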
Where is my data stored?
As we analyze your code, we store the lines that are relevant to the specific commits being analyzed.
Sleeek is built on Amazon’s AWS. To find out more information about Amazon’s security and infrastructure, please visit their security statement: https://aws.amazon.com/security/.
The source code lines are stored in an encrypted file system that itself sits on encrypted storage. The analysis server instances and storage instances are not accessible to human users: they are built automatically, and only the applications running on them can access the source code.
Who has access to my imported data?
The Sleeek development team has access to the main Sleeek cloud database. Sleeek developers are permitted to impersonate an account login only for the purpose of debugging problems you report to us.
ref. Sleeek system structure