At Zenable, security is foundational. Our architecture and processes are designed from first principles to minimize risk, enforce least privilege, and maintain transparency with our customers.
Nothing in our system has permission to make direct changes to your environment. Zenable systems can create comments on Pull Requests with code suggestions and provide feedback directly into your IDEs and to your AI coding assistants, but any changes to customer environments are applied by your own users.
We do not store customer code beyond the life of the review itself.
All systems, including test systems, use TLS 1.2+ to encrypt all data in transit.
All dependencies are updated at least weekly.
We have hundreds (and growing) of different requirements which are automatically enforced via Policy as Code. In order for code to be merged and released, it must pass all of our Policy as Code automation, as well as the appropriate automated testing and validation.
Every service in our platform has its own independent execution permissions, managed on a service-by-service basis, and runs with the minimum permissions required to perform its job.
Additionally, we enforce that all code changes to the Zenable platform must be peer reviewed by the appropriate parties using code owners, rulesets, and other techniques to ensure our own development processes meet high security and reliability standards.
In addition to internal reviews, we now perform self-reviews of automated PR comments as a secondary layer of defense against low-quality or inaccurate suggestions.
We run all of our systems in AWS using cloud-native principles: all compute workloads are short-lived, and all deployment pipeline credentials are retrieved just-in-time using least privilege OIDC.
Every resource in our environments is deployed using fully automated, declarative Infrastructure as Code, and the dependencies of that infrastructure are updated on a weekly basis.
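To make concrete what "just-in-time, least privilege OIDC" pipeline credentials and declarative Infrastructure as Code look like in practice, here is an added Terraform example. It is not Zenable's own IaC; it assumes GitHub Actions as the CI system and that the GitHub OIDC identity provider is already registered in the AWS account. The account id, organisation, repository, role and bucket names are all placeholders.

```hcl
# Added example (not Zenable's own IaC). Assumes GitHub Actions as the CI
# system and that the GitHub OIDC provider is already registered in the
# AWS account; account id, org, repo, role and bucket names are placeholders.
variable "github_oidc_provider_arn" {
  description = "ARN of the already-registered token.actions.githubusercontent.com provider"
  type        = string
  default     = "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
}

# Trust policy: only the named repository's 'production' environment may
# assume the role, and only with tokens minted for STS (the aud check).
# An exact-match 'sub' condition is what keeps this least privilege; a
# wildcard subject would let any branch or fork workflow assume the role.
data "aws_iam_policy_document" "deploy_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [var.github_oidc_provider_arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:EXAMPLE-ORG/EXAMPLE-REPO:environment:production"]
    }
  }
}

resource "aws_iam_role" "deploy" {
  name                 = "example-deploy-role"
  assume_role_policy   = data.aws_iam_policy_document.deploy_trust.json
  max_session_duration = 3600 # keep the just-in-time credential short-lived
}

# Permissions policy: only what this pipeline step needs (writes to one
# artifact prefix), nothing else.
data "aws_iam_policy_document" "deploy_permissions" {
  statement {
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifact-bucket/releases/*"]
  }
}

resource "aws_iam_role_policy" "deploy" {
  name   = "example-deploy-permissions"
  role   = aws_iam_role.deploy.id
  policy = data.aws_iam_policy_document.deploy_permissions.json
}
```

With this in place there are no long-lived access keys in the pipeline at all: each workflow run presents its short-lived OIDC token, STS issues temporary credentials bounded by `max_session_duration`, and the permissions policy limits what those credentials can do. Reviewers of the IaC should look for two regressions in particular: a `StringLike` subject with `*` (which widens trust to every branch and pull request) and a permissions policy that grows beyond the single deployment action it was written for.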
We're preparing for a SOC 2 Type II audit, with expected attestation in 2025.
Think you found a security issue? Please follow responsible disclosure guidelines and report it to security@zenable.io.