SideCI staff doesn't read you code

In the normal course of events, SideCI staff will never read your code. Occasionally, you might ask us for support, or to look into a problem you experience, in which it would be useful for our engineers to read your code.We will only do this if explicitly granted permission to do so as part of a support request, and will never do it otherwise. Outside of a support context, no human reads your code.

Our security model

When we run your analyze, we run them in a container, meaning you are unable to access another customer's code, and they are unable to access yours.When processing ends, the container used by the analysis has been deleted. It is not possible to access a container from the internet at large.

GitHub authorization

To run analyze, we need to check out your code from GitHub. When you sign up for SideCI, you tell GitHub that you are authorizing us to check out your public/private repositories.You may revoke this permission at any time through your GitHub application settings page and by removing SideCI's Deploy Keys and Service Hooks from your repositories' Admin pages.

Partners with access to your source code

SideCI is built on Amazon EC2 Service.If the Amazon Web Service becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Amazon's Security Center discusses their security in detail.

Feedback

We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at security@sideci.com. We will act immediately to deal with the issue.