Security

Learn more about our security posture, which, as a security vendor, we take seriously.

For vulnerability disclosures, compliance questionnaires, and other security issues, please reach out to us at [email protected].

We have completed a SOC 2 Type 2 audit (SOC 2 is an attestation report rather than a certification). You can view our Vanta trust page here.

Isolation

Every instance of Garnet's introspection runs as a standalone module inside your GitHub Actions workflow run. No data is shared between runners or workflows, and the module operates under the same threat model and configuration as the rest of your CI/CD pipeline.

Defense in depth

We employ a defense-in-depth approach.

Our platform applies network filtering at multiple layers (container, micro VM, host, and infrastructure) to block undesired access. Every micro VM boots a hardened, non-stock Linux kernel with a minimal root filesystem and is attached to a dedicated, unprivileged network; micro VMs cannot communicate with each other. Any hosted execution takes place inside the Firecracker jailer on our hosts, with seccomp filters applied to the VMM process. Micro VMs cannot reach the other services in our infrastructure, which run on physically separate systems.

Open Source

While building our platform, we aim to be as transparent as possible with our users and with the community. We will always contribute back any improvements we make to the open source components we build upon. When no existing solution fits, we will try to open source the solutions we build internally for the benefit of the community.

We do not rely on security through obscurity; our security controls are meant to hold even when their design is public.

Authentication & Authorization

The Garnet Platform uses GitHub as the source of truth for authentication and authorization.
