Security is very important to us. We follow industry best practices for protecting your organization.
Security
We encrypt your data in transit and at rest, and provide administrative controls including single sign-on (SSO) and enforced two-factor authentication (2FA) via SSO to ensure that your data remains secure organization-wide. Sleuth also provides role-based access controls (RBAC) to help administrators manage access levels.
SSO via Google, GitHub & Bitbucket logins
2FA via SSO providers
Role-based access control (RBAC)
Application audit logs (coming soon)
Reliability
Sleuth is designed for high performance and availability. We build our solution using best-in-class core technologies including AWS Fargate, RDS, Elasticsearch and ElastiCache. Our infrastructure spans three availability zones so we’re always available.
AWS managed services for data and backups
No long-lived servers, auto-security patching
No publicly exposed access to VPCs
Real-time status transparency
Compliance
We are pursuing our SOC® 2 Type 2 compliance certification and expect to succeed. We adhere to industry best practices:
Enforced SSO & 2FA and recurring user-access reviews
Enforced review for all code changes
Automated end-to-end testing of gated deployments
Encrypted network access and data storage
Privacy
We are committed to data privacy. We allow our customers to delete their data from our systems. We encrypt all sensitive data in our datastore. We use third-party bug-bounty programs for security testing.
Sleuth relies on third-party integrations to track deployments. These applications ask for elevated privileges, often including write access, which enables Sleuth to add webhooks and automate deployment data collection. All access is completely revocable. Sleuth will never use this access for any purpose other than supporting and collecting deployment data.