Learn more about our security posture--which we take quite seriously as a security vendor.

For vulnerability disclosures, compliance questionaries, and other issues please reach out to us at

Every time schedules an analysis of your code and its dependencies, it runs a single use container inside a Firecracker micro VM. Every isolation unit only hosts the workload of a single execution. Clearly, this is not everything we do…

We employ a defense-in-depth approach. Our platform employs multiple network filtering mechanisms to block undesired access at different levels (containers, micro VM, host, infrastructure). All the micro VMs have a hardened nonstock Linux kernel. Run a minimal root filesystem. Have a dedicated unprivileged network. Cannot communicate with each other. Are executed by the Firecracker jailer (which employs seccomp filters) on our hosts. Cannot communicate with other services in our infrastructure, which are physically separate from them.

While building our platform, we will try to be as transparent as possible with our users and with the community. We will always contribute back any improvements we made to the open source components we build upon. When it’s not possible to adopt something already existing, we will try to open source solutions we built internally for the benefit of the community. Think about security by obscurity. We believe in the opposite.

The platform uses GitHub as the source of truth for authentication and authorization.

Last updated

© 2024 Garnet Labs