Security

Security Measures

Why trust FlyCI?

To protect your data, FlyCI employs several security measures:

  • Your jobs run in a secure and isolated environment
  • Your code and data are never saved on our servers after a workflow is completed
  • All communication is encrypted
  • Our database is encrypted at rest
  • Access to our servers is strictly controlled and audited

Data Isolation and Protection

FlyCI uses ephemeral, just-in-time (JIT) runners. This means that every time a runner is required, FlyCI creates a virtual machine (VM) in which the GitHub workflow jobs are executed. The VM is destroyed the moment the workflow ends and the runner is no longer needed. This is how we ensure no data is left behind.

The use of virtual machines also ensures that your data is securely isolated from other users. FlyCI relies on the Apple Virtualization Framework, the official recommendation for creating and configuring macOS VMs. In addition, we implement strict rules around authentication and encryption to prevent unauthorized access to our systems.

Data Separation from Other Users

The use of virtual machines ensures that your data remains separate from other users' data. Our strict security measures prevent unauthorized individuals from observing or accessing your data.

Data Storage After Workflow Completion

We do not store any of your data after a workflow is completed. This includes your code and secrets. All data used by the runner is destroyed along with the runner itself.

Log Retention

We retain metadata logs containing information about CI jobs, including the initiator, start time, duration, and selected hardware. The logs do not store any personal or sensitive data. They help us create valuable usage dashboards for our customers. They are also the basis on which we measure our performance and improve our services over time.

Runners' Authentication

To authenticate GitHub's self-hosted runner software and ensure it runs the appropriate workflow, we use a Just-In-Time configuration. It can only be issued by the FlyCI app and is specific to the organization and the repository. It is not possible to access other repositories using the same configuration.

Is FlyCI SOC2 Compliant?

FlyCI is not yet SOC2 compliant, but we plan to start working on it. Please email us at contact@flyci.net if you are interested.

How can I report a security vulnerability?

For details on how to report security issues, please refer to our security.txt.
