Security at Tetrix
Tetrix is trusted by over 500k developers and companies that are moving their dev environments to the cloud.
Secure by design.
Storing copies of your source code locally on countless unsecured devices and networks is a bad practice. At the same time, it has become a reality for many organisations to enable their employees to work remotely with BYOD policies.
With Tetrix, your source code is safely stored in the cloud and never stored locally: either on the carbon-neutral Google Cloud Platform with our SaaS solution, or on your own cloud infrastructure with Tetrix Self-Hosted. Our native integrations with GitHub, GitLab and Bitbucket create a single access point to your intellectual property, no matter where your developers are and what device they use.
No packages or dependencies are downloaded to users' devices. Tetrix developer environments run in the cloud and are short-lived, protecting your local machines and other corporate resources from malicious attacks through the execution of arbitrary code.
Transparency is key
Industry-leading security program
Tetrix is a European company committed to security and data privacy. We provide our users with the ability to access and control the information that we collect about them.
Tetrix is built with security in mind and we continuously invest in security best practices. We are currently in the process of becoming SOC 2 compliant and you can request a copy of our SOC 2 audit report as soon as it's available.
Each Tetrix workspace or prebuild runs on a secured single-use container, providing fast startup times without compromising on security.
We create separate user, PID, mount and network namespaces for each Tetrix workspace, and establish an unprivileged node user as root within that user namespace. More details on the technical approach can be found in this talk from our Head of Engineering as well as in this blog post from the container security experts at Kinvolk who stress-tested our namespace layering implementation.
Built in the open, our source code and how Tetrix is developed are publicly available for review by everyone. Our security posture, disclosure policy and speed in vulnerability handling are highlighted in the following blog post from the security research team at GitLab.
In addition to this, we acknowledge the importance of giving back to the community and have taken steps to support the software supply chain of Tetrix and our customers through the creation of a monetary fund for supporting open-source maintainers.
Authentication and Authorization
Tetrix uses your Git provider's SSO and, by default, all workspace connections are private and authenticated, making them accessible only by the creator.
Prebuild logs are readable by all members of the corresponding team and no one else.
All data, including workspace backups and environment variables, is encrypted at rest using AES-256, and all connections to the Tetrix app, website, workspaces and workspaces' endpoints are encrypted in transit (TLS).
Tetrix generates SLSA level 1 compliant provenance. Starting with this level, build systems are required to keep a record of their involvement, which sources went into the build process, and which process was used. All this data is recorded using in-toto attestations and published alongside the actual build artifacts.
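A consumer-side check of such a provenance record, as an added example that is not Tetrix's own code: it confirms that an in-toto statement names the artifact's digest as a subject, that the builder is one the consumer trusts, and that source materials were recorded. The statement layout assumes in-toto Statement v0.1 with a SLSA provenance v0.2 predicate; the artifact, builder id and repository URI are constructed sample values.

```python
import hashlib
import json

# Constructed sample artifact and attestation (not real Tetrix output).
ARTIFACT = b"constructed build output\n"
STATEMENT = json.dumps({
    "_type": "https://in-toto.io/Statement/v0.1",  # assumed statement version
    "subject": [{"name": "app.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v0.2",  # assumed predicate version
    "predicate": {
        "builder": {"id": "https://builder.example/ci"},  # placeholder builder id
        "buildType": "https://builder.example/build/v1",
        "materials": [{"uri": "git+https://git.example/org/repo",
                       "digest": {"sha1": "0" * 40}}],  # placeholder commit
    },
})


def check_provenance(statement_json, name, artifact, trusted_builders):
    """Return the recorded (uri, digest) materials if the statement covers
    this artifact and names a trusted builder; raise ValueError otherwise."""
    st = json.loads(statement_json)
    if not st.get("predicateType", "").startswith("https://slsa.dev/provenance/"):
        raise ValueError("not a SLSA provenance statement")
    actual = hashlib.sha256(artifact).hexdigest()
    # The subject list is what binds the attestation to a specific artifact.
    covered = any(s.get("name") == name
                  and s.get("digest", {}).get("sha256") == actual
                  for s in st.get("subject", []))
    if not covered:
        raise ValueError("artifact digest is not listed as a subject")
    pred = st.get("predicate", {})
    builder = pred.get("builder", {}).get("id")
    if builder not in trusted_builders:
        raise ValueError(f"untrusted builder: {builder!r}")
    materials = pred.get("materials", [])
    if not materials:
        raise ValueError("provenance records no source materials")
    return [(m["uri"], m.get("digest", {})) for m in materials]


if __name__ == "__main__":
    print(check_provenance(STATEMENT, "app.tar.gz", ARTIFACT,
                           {"https://builder.example/ci"}))
```

This inspects the statement's content only; where the attestation is delivered in a signed envelope, the signature has to be verified before any of these fields are trusted.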
Big thanks to the following people who responsibly disclosed their security findings.
Security Vulnerability Disclosure Policy
We welcome feedback from security researchers and the general public to help improve our security.
Report security concerns
We welcome close collaboration with the worldwide security research community.