Security
Effective as of May 22, 2020.
SECURITY OVERVIEW
Code Climate helps large engineering organizations realize the value of agentic software development — safely, at scale, and the right way. Our security program is designed to meet the standards enterprises require, not as an afterthought, but as a foundation.
Validation & Monitoring
- Annual SOC 2 Type II
- Third-party penetration testing
- Continuous automated vulnerability scanning
- Code and supply chain vulnerability monitoring
Data Protection
- Data encrypted in transit
- Data encrypted at rest
- Standards-compliant cryptographic practices
- Data retention procedures established
- Data classification policy established
- Disaster recovery procedures established
Access Controls
- SSO/SAML required
- Session expiration and revocation controls
- Role-based access controls for users and API keys
- Support restricted IP access to customer data sources
Access Controls
- Cyber liability insurance maintained
- Standards-based cybersecurity policies and procedures
- All data is stored in AWS regions located in the United States
- Alternative data residency options available for Enterprise customers
Subprocessors
Amazon Web Services - Cloud computing platform
Linear - Customer feature request tracking
Pylon - Customer support
Sentry.io - Application error tracking
Slack - Customer support
Workstreet - Cybersecurity
Report a security concern
We take responsible disclosure seriously. If you've discovered a security vulnerability or have a concern, please reach out directly. We treat security correspondence as our highest priority and will work promptly to understand and address any issue.
Learn more
Unlock the potential of your engineering team.
Let's discuss how our solutions can drive measurable results for your organization.