We are a software company and fully understand that your source code is the heart of your business. We are building all our applications on Semaphore too. Here are the measures that we employ to ensure all code is safe.
- Hetzner datacenters are geographically distributed and not disclosed to the general public.
- 24/7 camera monitoring of entrances and server rooms.
- Access is permitted only to authorised contractual partners.
- Power supply guaranteed by a 15-minute battery and emergency diesel-generated power.
- Controlled climate conditions.
- Modern fire detection system.
- Multiple redundant connections to the largest German internet exchange point, DE-CIX.
- All upstreams and peerings integrated in the backbone via Juniper Networks routers.
- Central back-up server.
- RAID-1 hard disk system reducing likelihood of data loss.
Semaphore relies on GitHub and Bitbucket to access source code. Semaphore does not store any passwords. Your credentials are retrieved using OAuth, and code is transferred to Semaphore via the GitHub API and Bitbucket API over HTTPS. Each project imported to Semaphore is assigned a unique SSH key with a strong password, which is automatically added to GitHub/Bitbucket as a deploy key.
All data exchanged between Semaphore machines is transmitted using SSL. Every build is executed in a fully isolated, single-run virtual machine, and tracked through a local private SSH connection.
No Rendered Text employees ever access source code repositories unless required to do so for support reasons. Support staff may log into your account to access settings related to your support issue. Support staff do not have access to clone any repo. When working on a support issue, we do our best to respect your privacy as much as possible; we only access the files and settings needed to resolve your issue.
We don’t act on the following classes of bugs and common reports:
- Credentials in a 3rd party’s
- Email spoofing, SPF, DKIM, and DMARC errors