Overview

We fully understand and recognize, that the security of your source code and configuration data is important, as it forms the base of your and our endeavours. Therefore we put a lot of effort and thought into providing a secure infrastructure for you to use.

System Security

For every project you add to the Codeship we create an SSH Key that is itself encrypted strongly and only decrypted shortly before being used in the build virtual machine. For every build we start a new and clean virtual machine. All changes you make (including file system changes) are stored in a ramdisk which is removed as soon as your build finishes (tests and deployment). None of your data is ever stored on any harddrive on our build servers.

All communication between your browser and our website is SSL encrypted, as is all communication to our openredis queue. All communication to the build virtual machines is done over SSH.

The crew won't read your code

Unless you want them to. We will never read your code if not explicitly requested by you. This might happen in the case of a support request or if you want something debugged by our engineers on your end. In no other case will we have a look at what belongs to you – your code. You feeling safe about your code is of crucial importance to us. Also realize that only our core team will be able to look at your code. Never will a person from outside the Codeship crew work on a support request you submit.

Authorization for your source code provider

To run your tests, we need to check out your code from your source code provider. Currently we support GitHub and Bitbucket but others will follow. You can sign up for the Codeship via Email as well but as soon as you connect a repository with your Codeship account you are telling your source code provider that you allow us to check out your private repositories.

You can revoke permission in your GitHub Settings and by removing the Codeship´s deploy keys and service hooks from your projects´ configuration pages.

Services

Our whole infrastructure is based on Amazon EC2 or services built on top of it. EC2 is one of the most trusted, tried and tested hosting services out there. The services we use are:

Additionally for collecting Metrics (but without any sensitive data) we use

  • Google Analytics
  • Mixpanel
  • Intercom
  • Google Docs

Source code access

As outlined in our Terms of Service we only access your source code for a build or support request. We do not have any way to access your repository outside of our build environment.

Reporting Security Issue

If you want to contact us regarding a security issue please send an email to security@codeship.com. You can encrypt it with our PGP Key