Customer Code Security¶
At BoostSecurity, safeguarding customer code is a top priority. Our platform is designed to ensure your source code remains protected at all times during the scanning and analysis process.
This page outlines how BoostSecurity handles customer code securely and the safeguards in place during scans.
Key Principles¶
We follow these principles when performing scans on your codebase:
✅ No Code Transit or Storage¶
- Your source code is never transmitted to BoostSecurity’s servers.
- We do not store or persist any portion of your code in our backend.
- The scanner runs inside your own CI job, so analysis happens on infrastructure you control and your intellectual property never leaves it.
Where Scanning Happens¶
All code scans are executed directly in your environment, using your existing CI pipelines.
How it works:¶
- The scanner is run in your CI/CD environment.
- Code is checked out from your Git repository during the CI job.
- The scanner performs its analysis locally within that job.
- Only the scan results (findings and metadata) are uploaded to BoostSecurity’s backend — never the code itself.
This architecture enables:
- Full visibility into what gets scanned
- Data residency compliance
- Seamless integration with your security and compliance policies
What Gets Uploaded¶
Only the following types of data are sent back to BoostSecurity’s backend after the scan:
- Vulnerability findings
- Metadata associated with the scan (e.g., file paths, affected package versions)
- Policy rule matches and statuses
Note
No raw source code or repository contents are included in these results. File paths and dependency versions are still information about your repository, so if your data classification treats them as sensitive, review the results artifact produced in your CI job before enabling upload.
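The procedure above (checkout, local analysis, upload of findings only) is something you can verify from inside the CI job rather than take on trust. The following is an added example, not BoostSecurity code: it assumes the scanner writes a SARIF-style JSON results file (an assumption; this page does not name the output format) and walks that document before upload, flagging fields that could carry source code (SARIF `snippet` objects, anything under a `contextRegion`, and any multi-line string) while leaving expected metadata such as file paths, rule IDs, line numbers and package versions alone. The function names and the sample documents are constructed for the example.

```python
"""Pre-upload check for a scan-results artifact.

Added example, not BoostSecurity code. Assumes a SARIF-style JSON results
document (an assumption: the page does not name the format). It flags
fields that could carry excerpts of the scanned code; findings metadata
(file paths, rule IDs, line numbers, package versions) is not flagged.
"""
import json
from typing import Any, Iterator

# Keys that, in SARIF and similar formats, hold excerpts of the scanned file.
SNIPPET_KEYS = ("snippet", "contextRegion")


def _walk(node: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json_path, leaf_value) for every scalar in a JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    else:
        yield path, node


def find_code_carrying_fields(results: dict) -> list[str]:
    """Return the JSON paths of leaf values that look like source code."""
    hits: list[str] = []
    for path, value in _walk(results):
        segments = [seg.split("[")[0] for seg in path.split(".")]
        # Anything nested under a snippet/context key is an excerpt of the file.
        if any(seg in SNIPPET_KEYS for seg in segments):
            hits.append(path)
        # A multi-line string inside findings metadata is almost certainly code.
        elif isinstance(value, str) and "\n" in value:
            hits.append(path)
    return hits


def results_are_code_free(results: dict) -> bool:
    """Gate for the upload step: True only if no code-like field is present."""
    return not find_code_carrying_fields(results)


# Constructed sample artifacts (hypothetical scanner output, not real data).
CLEAN_RESULTS = {
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [{
            "ruleId": "example/hardcoded-secret",
            "level": "error",
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/config.py"},
                "region": {"startLine": 12},
            }}],
            "properties": {"package": "requests", "version": "2.19.0"},
        }],
    }],
}

# Same finding, but the scanner also embedded the offending line of code.
LEAKY_RESULTS = json.loads(json.dumps(CLEAN_RESULTS))  # deep copy
LEAKY_RESULTS["runs"][0]["results"][0]["locations"][0]["physicalLocation"]["region"]["snippet"] = {
    "text": "API_KEY = 'hunter2'"
}


if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_RESULTS), ("leaky", LEAKY_RESULTS)):
        leaks = find_code_carrying_fields(doc)
        print(name, "ok" if not leaks else f"code-like fields: {leaks}")
```

Run it as a step between the scan and the upload in the same CI job, and fail the job when `results_are_code_free` returns False; that turns the "findings only, never code" property into something your pipeline enforces rather than something it assumes.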
Why This Matters¶
By performing all scanning operations within your infrastructure, BoostSecurity:
- Removes its own backend as a path for code exposure: your source code never crosses a trust boundary into Boost-operated infrastructure
- Lets scanning fit within the data-handling boundaries set by your internal and external security policies
- Offers a high-assurance model for secure DevSecOps adoption
Summary¶
| Aspect | BoostSecurity’s Approach |
|---|---|
| Code Transit to Backend | ❌ Never |
| Code Storage on Backend | ❌ Never |
| Scanning Location | ✅ Customer CI pipeline |
| Data Sent to BoostSecurity | ✅ Scan findings only, no source code |
| Code Visibility to Boost | ❌ Boost never sees or stores your source code |
If you have additional security or compliance questions, feel free to reach out to our support team or your account representative.