GitDailies Security and Compliance

GitDailies adheres to industry-leading security standards and best practices. We recognize that security is a cornerstone of trust and we continuously monitor, review, and enhance our security posture.

Here’s an overview of our approach:

Development

  • All engineers have security-awareness training.
  • Secure coding practices are strictly adhered to.
  • Minimal dependencies are used, and they are continuously monitored for vulnerabilities.
  • All code and build artifacts undergo automated security scanning during development and in production.

Operations

  • Our systems are continuously monitored by industry-leading threat detection and compliance systems.
  • Application secrets are properly managed and encrypted.
  • Employee access to data is strictly controlled and the “principle of least privilege” is always followed.
  • All data is encrypted “at rest”, and sensitive database fields receive a second layer of encryption.
  • All network communication is encrypted with TLS.

SOC2 / ISO 27001 / NIST 800-53

  • GitDailies’ systems are continuously monitored by Google Cloud Platform’s Security Command Center for compliance with 19 security standards, including SOC2, ISO 27001 and NIST 800-53.
  • For all 19 monitored standards, Security Command Center gives the GitDailies service a perfect 100% compliance score.
  • Please contact us with any security questionnaires or to discuss your specific needs.

User Authentication

  • GitHub’s industry-leading auth systems perform all user authentication for GitDailies.
  • Privileges in GitDailies map exactly to those in GitHub. If a member of your org can’t see a repo in GitHub, they won’t see that repo in GitDailies either.

GitHub Permissions

  • The GitDailies app has strictly read-only access to GitHub.
  • You have complete control over exactly which repositories are visible to GitDailies.
  • The GitDailies app uses the minimum possible permissions.
  • GitDailies is developed by Lysning Digital AS in Norway.
  • Norway is a member of the European Economic Area (“EEA”), which ensures that all EU data protection and privacy laws (including GDPR) apply.
  • See our Privacy Policy and Terms of Service for legal guarantees of service.

Email us or book a call to discuss your specific requirements or submit security questionnaires.