Security in Appcircle
In the modern enterprise landscape, CI/CD pipelines are indispensable for streamlining software development and deployment. However, with sensitive data and intellectual property at stake, ensuring robust pipeline security is crucial. Appcircle offers advanced security features designed to protect your code, data, and processes at every stage.
Why CI/CD Pipeline Security Matters
CI/CD pipelines often handle sensitive data such as source code, automation scripts, and environment variables. A breach can lead to data theft, financial loss, or reputational damage. For enterprises, maintaining a secure CI/CD environment is essential for safeguarding intellectual property and ensuring compliance with industry standards. Appcircle integrates security best practices to address these risks effectively.
How Appcircle Ensures Code Security
Appcircle prioritizes code security through its unique approach to repository access and data handling:
- No Persistent Code Storage: Source code is fetched only during the build process and is not stored on Appcircle’s infrastructure.
- Temporary Build Agents: Each build is run on a brand-new, isolated virtual machine that is terminated after the process, leaving no residual data.
- Read-Only Access: Appcircle uses read-only tokens to fetch repository data, minimizing exposure.
- Encrypted Tokens and Keys: OAuth tokens and SSH keys are securely stored in HashiCorp Vault, ensuring they remain inaccessible.
- Strict Access Control: The Appcircle team does not have access to your source code under any circumstances.
Regular penetration testing, SOC 2 compliance, and ISO certifications reinforce Appcircle’s commitment to security.
Secure CI/CD Infrastructure with Appcircle
Appcircle’s cloud infrastructure, powered by Google Cloud Platform (GCP), offers enterprise-grade security features:
- Isolated Virtual Machines: Each build runs on a separate virtual environment to eliminate conflicts and enhance security.
- Ephemeral Build Agents: Virtual machines are terminated after each build, ensuring no data persists.
- Encrypted Communication: All communications are secured via SSL, with tokens and keys rotated regularly.
- Secure Caching: Artifacts stored in cache buckets are accessible only by the same organization and are protected by time-limited signed URLs.
For more details, visit Google Cloud Security.
Data Security: Protecting Secrets and Signing Identities
Appcircle provides robust security for sensitive data like signing identities, environment variables, and secrets:
- HashiCorp Vault Integration: Confidential data is encrypted and securely stored, with keys unsealed by GCP Cloud KMS.
- Controlled Access: Users without permission cannot view or modify secrets, ensuring only authorized personnel have access.
- Automatic Log Redaction: Sensitive data is excluded from build logs to prevent unintended exposure.
- Identity and Access Management (IAM): Appcircle uses Keycloak for IAM, supporting OpenID, SAML SSO, and two-factor authentication.
Advanced User Management and Logging
For enterprise teams, Appcircle provides fine-grained control and transparency:
- Role-Based Access Control (RBAC): Assign specific roles and access levels to team members so their access is aligned with their responsibilities.
- Role Mapping: Map user groups and role associations to Appcircle organizations and roles, simplifying user provisioning and helping maintain consistent access policies across the organization.
- Activity Logs and Reports: Monitor key actions across the platform, including workflow changes, role updates, and organization-level actions, with logs and reports that support traceability.
- Sub-Organization Support: Manage multiple teams and projects separately through sub-organizations under a single root organization, with isolated workspaces and controlled access.
Appcircle’s user management tools ensure streamlined collaboration without compromising security.
Private Cloud and On-Premise Deployment Options
For organizations requiring complete control over their CI/CD pipeline, Appcircle offers private cloud and on-premise deployment options. These setups allow you to host the entire pipeline within your infrastructure while maintaining Appcircle’s robust features.
Conclusion
Appcircle sets the benchmark for secure CI/CD pipelines, offering comprehensive protection for code, data, and processes. Whether you leverage its public cloud infrastructure or opt for private hosting, Appcircle ensures a secure, efficient, transparent, and enterprise-grade workflow tailored to your enterprise needs.



