Security at LinearB
Information Security Management System (ISMS)
What does an ISO/IEC 27001 Certificate mean?
It is the leading international standard focused on information security.
ISO-27001 is part of a set of standards developed to handle information security, with over 100 audited safeguards to control risk.
Pentests & Vulnerability Scanning
LinearB uses third-party security tools to continuously scan for vulnerabilities. We also regularly engage security firms to perform penetration tests and vulnerability assessments on our application and infrastructure. Reach out for more details.
Read-only API Calls & Metadata
LinearB utilizes read-only API calls from the providers. Customers have full control over the level of access LinearB has in repositories and project management boards.
Source Code Protection
Trial Activated Permissions
LinearB users can revoke access at any time. We leave the controls in the hands of our users.
Industry-accepted Best Practices and Frameworks
Q: Why do I need to give LinearB permissions to my Git?
A: LinearB uses Git metadata for its analysis. LinearB needs permissions to the customer’s Git in order to clone your repositories and extract the necessary data for LinearB reports, and in order to access real-time data using the Git provider’s API. All operations performed by LinearB are read-only actions. LinearB at no time stores or uses your code.
Q: Is LinearB keeping my code?
A: No, LinearB performs a clone or shallow clone of repositories just for the purpose of extracting Git metadata. Once the metadata is processed, the repository is immediately deleted.
Q: Is LinearB looking into my code?
A: No, LinearB uses only the Git metadata that is available through the .git directory or data accessible via the Git provider API. No code is scanned, analyzed or saved.