CodeRabbit Trust Center

Security

Zero-data retention

CodeRabbit communicates with LLM providers to generate code reviews. We send code diffs along with contextual data about the code to improve code reviews and provide better suggestions. The data is encrypted in transit using transport layer security (TLS). Proprietary code is never used to train or improve the models in any way. Queries to the LLMs are ephemeral, and no data is stored or logged by the LLMs.

Complete data isolation

Upon starting a new review, CodeRabbit starts in an isolated environment. Upon finishing the review and finally posting the review comments, CodeRabbit disposes of the environment and no traces of the code are stored on CodeRabbit’s servers. This flow ensures that no parts of the codebase are available outside of the scope and duration of the code review.

Audits and Certifications

CodeRabbit is SOC 2 Type II certified, with a new report released annually. The report describes CodeRabbit's security controls and examines how those controls meet the AICPA Trust Service Principles. It provides an independent assessment of how well CodeRabbit manages data with respect to security, availability, and confidentiality.

How does CodeRabbit help in secure development?

As code reviews are generated and before posting them on a PR, CodeRabbit verifies that no insecure coding patterns exist. This helps in making the code suggestions more secure.

The system uses LLMs to detect vulnerable patterns in code changes. This means that insecure patterns can be quickly detected and replacements can be suggested as part of the code review.

One of the best ways to secure your codebase is by using code scanning, secret scanning and vulnerability detection tools. CodeRabbit runs a suite of tools to detect common bad practices, infrastructure-as-code security vulnerabilities, hardcoded keys/credentials, SQL injection, and many more security patterns as part of the code review to help in secure development.

Privacy

Our Privacy Policy

CodeRabbit ensures transparency regarding all privacy-related policies and agreements. Our privacy policy details our handling of personal data, usage practices, and your rights concerning your data. Additionally, our list of subprocessors outlines all third parties involved in our service delivery that may process some data, including the reasons for their involvement, locations, and the services they provide.

Does CodeRabbit collect and process data?

CodeRabbit collects and processes data for various purposes on supported git platforms. Data about usage and metrics is also collected when a review is posted. The following broad categories of data are collected and processed by CodeRabbit at various stages:

Metadata

This includes information about the subscribing organization, added repositories, and users.

Code

CodeRabbit clones the repository in memory to perform the code review and run static analysis and security analysis tools. This data is discarded from memory immediately after the code review is done.

Metrics

CodeRabbit collects metrics about reviews and learnings generated, types of reviews generated (actionable, suppressed, refactor, verification, etc.), and files reviewed.

Learnings

If opted-in, CodeRabbit stores learnings from code reviews. These can be either triggered automatically or by explicitly chatting with CodeRabbit to learn something for the next time it reviews your code.

Issues

If opted-in, CodeRabbit stores issues from connected knowledge bases like GitHub Issues, Jira, or Linear. This is useful in summarizing linked issues and suggesting possibly related issues in a PR.

Does CodeRabbit comply with GDPR and other protection laws?

Yes. Staying compliant with the General Data Protection Regulation (GDPR) is crucial for any business handling personal data. At CodeRabbit, we prioritize data privacy and have implemented comprehensive measures to ensure compliance with GDPR.

Does CodeRabbit delete the collected data after the CodeRabbit account is deleted?

Yes. CodeRabbit completely removes all related data after deleting the CodeRabbit account from the web application.

Compliance

CodeRabbit has achieved external compliance verification against specific standards and can furnish evidence and details regarding the controls implemented for these benchmarks.

SOC2


GDPR
