How We Keep Your Code Safe
Security is at the core of our product and we want to assure you that protecting your code and data is of utmost importance to us. Along with Contextual Security Analysis, we leverage the power of LLMs to make DryRun Security do amazing things so that you can secure your code with quality and speed.
Here are the steps we take to keep your code safe:
GitHub Controls Permissions to Your Code
Our app installs via GitHub, which allows us to access your code base and respond to your developers' security questions. This gives you control over what we have access to, and our permissions can be revoked instantly by you at any time through GitHub.com.
We Use Our Own Private LLM
LLMs are great, until your data is used to train the model and shared with the public. We made the choice to preempt these privacy concerns by implementing our own private LLM, where we have finer-grained privacy mechanisms, and we have architected our infrastructure so that we do not commingle data streams.
We Leverage Ephemeral Microservices
Backed by a serverless architecture, we leverage ephemeral microservices to do all processing and analysis of your code. Once a task has been performed, the code being analyzed is effectively gone from our analysis engine. Note that we do store your individual security findings and related metadata, such as the pull request in which each finding was discovered and the date/time, as this is a required feature for most organizations that fall under some form of compliance requirement.
We Store Key Markers, Not Your Code
When we do need to store data, we do not copy your entire codebase and data. Instead, we analyze your codebase and store key data points as markers that our tool uses to build "context" about your application, such as:
- the type of language and framework
- notable dependencies
- template language type
- any data stores it may be using
These general data points are enough to give our analysis engines the context they need in order to provide more accurate results.
Independently Audited
We use a third-party security advisor to do quarterly audits and assessments of our infrastructure. A letter of audit is available upon request.