Security
Learn more about our security posture, which, as a security vendor, we take seriously.
For vulnerability disclosures, compliance questionnaires, and other security issues, please reach out to us at security@listen.dev.
We are in the process of obtaining SOC 2 compliance and are happy to provide visibility into our progress on request.
Every instance of listen.dev's introspection runs as a standalone module inside your GitHub Actions workflow run. No data is shared between runners or workflows, and it operates under the same threat model and configuration as your existing CI/CD system.
We employ a defense-in-depth approach. Our platform uses multiple network filtering mechanisms to block undesired access at different layers (container, micro VM, host, infrastructure). Every micro VM runs a hardened, non-stock Linux kernel on a minimal root filesystem, has its own dedicated unprivileged network, and cannot communicate with other micro VMs. Any hosted execution takes place inside the Firecracker jailer, with seccomp filters applied, on our hosts, and cannot reach other services in our infrastructure, which run on physically separate systems.
While building our platform, we try to be as transparent as possible with our users and with the community. We always contribute back any improvements we make to the open source components we build upon, and when nothing suitable already exists, we try to open source the solutions we build internally for the benefit of the community. We do not believe in security by obscurity.
The listen.dev platform uses GitHub as the source of truth for authentication and authorization.