Security at LinearB

Hundreds of development teams trust LinearB to keep their environments safe. The security experts that built LinearB have gone beyond conventional industry standards to provide compliance at all levels.

Certifications

ISO/IEC 27001

Information Security Management System (ISMS)

What does an ISO/IEC 27001 certificate mean?

It is the leading international standard focused on information security.

ISO/IEC 27001 is part of a set of standards developed to handle information security, with over 100 audited safeguards to control risk.

Pentests & Vulnerability Scanning

LinearB uses third-party security tools to continuously scan for vulnerabilities. We also regularly engage security firms to perform penetration tests and vulnerability assessments on our application and infrastructure. Reach out for more details.

Read-only API Calls & Metadata

LinearB utilizes read-only API calls from the providers. Customers have full control over the level of access LinearB has in repositories and project management boards.

Source Code Protection

LinearB does not persist source code files. All Git commit analysis is performed on ephemeral instances and the local clone is immediately deleted. We only persist pull request metadata.

Trial Activated Permissions

LinearB users can revoke access at any time. We leave the controls in the hands of our users.

Industry-accepted Best Practices and Frameworks

Our security approach focuses on security governance, risk management and compliance. This includes encryption in transit and at rest, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.

Q: Why do I need to give LinearB permissions to my Git?

A: LinearB uses Git metadata for its analysis. LinearB needs permissions to the customer’s Git in order to clone your repositories and extract the necessary data for LinearB reports, and in order to access real-time data using the Git provider’s API. All the operations that are done by LinearB are read-only actions. LinearB at no time stores or uses your code.

Q: Is LinearB keeping my code?

A: No, LinearB performs a clone or shallow clone of repositories just for the purpose of extracting Git metadata. Once the metadata is processed, the repository is immediately deleted.

Q: Is LinearB looking into my code?

A: No, LinearB uses only the Git metadata that is available through the .git directory or data accessible via the Git provider API. No code is scanned, analyzed or saved.