Many customers host their Git repositories on internal servers using GitHub Enterprise, GitLab, Atlassian Bitbucket Server, or similar products. GitPrime needs access to these servers to collect the data used to calculate your metrics.
This can be accomplished securely by allowing public access to internal repositories over SSH. This ensures that all data transmitted to GitPrime travels over a secure protocol, and allows our customers to maintain strict authentication and access security using SSH keys.
To accomplish this setup, customers must enable network address translation (NAT) of the SSH port on a public IP address to the SSH port of their internal Git server. For example, if your public IP address is 172.20.54.124 and your internal Bitbucket server exists at 18.104.22.168 using SSH port 7999, the NAT rule added to your firewall would forward any traffic arriving at 172.20.54.124:7999 to the internal address and port at 22.214.171.124:7999.
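One way to express such a forward on a Linux firewall, as an added example that is not GitPrime's own configuration. It goes beyond the text by limiting the forward to a single source range and logging new connections; the function name, the addresses and the source CIDR are assumptions, since the page does not state an egress range for GitPrime.

```sh
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Addresses are constructed placeholders (RFC 5737 / RFC 1918 ranges).

# emit_ssh_nat_rules PUBLIC_IP PORT INTERNAL_IP SOURCE_CIDR
emit_ssh_nat_rules() {
    pub_ip=$1; port=$2; int_ip=$3; src=$4

    # Refuse a wide-open source: only the collector should reach the forward.
    case "$src" in
        ""|0.0.0.0/0|::/0)
            echo "error: a specific source CIDR is required" >&2
            return 1 ;;
    esac
    # The port must be a number between 1 and 65535.
    case "$port" in
        ""|*[!0-9]*) echo "error: invalid port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "error: invalid port" >&2
        return 1
    fi

    # 1. Rewrite the destination of inbound SSH from the allowed source.
    echo "iptables -t nat -A PREROUTING -p tcp -s $src -d $pub_ip --dport $port -j DNAT --to-destination $int_ip:$port"
    # 2. Log each new forwarded connection so access can be audited.
    echo "iptables -A FORWARD -p tcp -s $src -d $int_ip --dport $port -m conntrack --ctstate NEW -j LOG --log-prefix git-ssh-nat:"
    # 3. Admit the translated traffic to the Git server's SSH port only.
    echo "iptables -A FORWARD -p tcp -s $src -d $int_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # 4. Admit replies belonging to those connections.
    echo "iptables -A FORWARD -p tcp -s $int_ip --sport $port -d $src -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Constructed sample: public 203.0.113.10, internal 10.0.0.5, port 7999 as in
# the text; 198.51.100.0/24 stands in for the vendor's egress range.
emit_ssh_nat_rules 203.0.113.10 7999 10.0.0.5 198.51.100.0/24
```

The script only prints the rules, so they can be reviewed and adapted to the existing chain order before being applied.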
GitPrime is built on Heroku which, as you may or may not know, is built on AWS. To find out more information about Heroku’s security and infrastructure, please visit their security statement: https://www.heroku.com/policy/security.
We currently store all persisted data in a Postgres database. AWS also provides a security statement here: https://aws.amazon.com/security/.
All backups of the Postgres database are kept on AWS for a period of 90 days, at which point they are deleted permanently.
We do not keep local copies of production data.
We store the usual account information: email, password, etc.
Additionally, for each repo you provide us, GitPrime clones and pulls your repo approximately every ten minutes using the credentials you provide us via our secure site.
GitPrime accesses your repository via read-only SSH key pairs, in similar fashion to build frameworks like Jenkins and Circle CI, and code quality analysis tools like Code Climate. We parse the repo and store metadata in a Postgres database. This metadata may include snippets of code for rendering diffs, but we do not persist the entire repo in our metadata store. When you delete a repo from your account, all associated data is permanently wiped and we retain no copies.
Your data can only be accessed via an SSL connection using an authenticated session. We do not provide exports or any form of a download of your data. It is not possible to access your repos directly.
Only people with the username and password you provide can access your data. There is no public access to your data of any kind.
Of course! Our own repos are parsed every ten minutes, just like our customers', using the same infrastructure and the same secure protections we provide everyone else.
We don’t publish our customer list for obvious reasons; however, suffice it to say we have publicly traded companies with millions of lines of code being accessed by GitPrime every day.