Julien Delange Monday, December 16, 2019

Why Codiga does not keep a copy of your source code. Codiga automates code reviews and never keeps your source code in its infrastructure.


AUTHOR

Julien Delange, Founder and CEO

Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.

Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.


This is a question that has come up time and time again. Customers often ask us:

Why are you not keeping a copy of our code on your servers?

After all, most of our competitors keep a local copy of your code on their servers and protect it using encryption mechanisms to mitigate the consequences of a potential breach. Why didn’t we follow the same design?

Having a local copy of your source code would definitely make our life easier: we could surface the source code in the interface for every analysis, and updating code for incremental analysis would be much simpler. It would also drastically reduce our operating costs (we would only have to update the local copy of a repository).

The drawback of keeping a copy of your source code is clear: it exposes your Intellectual Property. This is a trust issue. If we keep a copy of your source code on our servers, attackers could gain access to your code in the event of a breach of our infrastructure. Encryption can help, but there is no guarantee that attackers do not also obtain the encryption key, whether through social engineering or plain brute force. To put it plainly: when a copy of your source code is kept, your Intellectual Property is at risk. No more, no less. That would be a breach of trust, and we do not want that to begin with.

At Codiga, we design systems by thinking of our customers first, and then work backwards. When designing our system, we consider the worst-case scenario and build a system to avoid exposure of critical sensitive data. For that reason, we designed our whole infrastructure with data protection in mind.

This decision has some side effects. For example, you do not always see the file content in the interface (when you do see it, it has been retrieved through an API and is not stored on our infrastructure). And our operating costs are definitely higher. But we are comfortable with our decision because the benefit (your security) outweighs the costs (a small degradation of the user experience and higher operating costs).
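To make the retrieve-on-demand design concrete, here is an added example (not Codiga's code) of an analysis worker that fetches a file through a hypothetical repository API, analyses it in memory, and persists only the findings plus a content hash. The `fetch_file` function and the `SAMPLE_REPO` dictionary are constructed stand-ins for the provider API, and the two detection rules are toy rules written for the example. The final check shows what a defender would want to verify: nothing stored in the results record reproduces a line of the customer's source.

```python
"""Added example: stateless analysis that never persists source text.

Assumptions (not from the original post): `fetch_file` stands in for a
repository provider API, SAMPLE_REPO is constructed sample content, and
RULES are toy checks chosen only to produce findings.
"""
import hashlib
import json
import re
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List

# Constructed sample repository standing in for the provider's API.
SAMPLE_REPO: Dict[str, str] = {
    "app/config.py": "DEBUG = True\nPASSWORD = 'hunter2'\n",
    "app/main.py": "def run():\n    return 42\n",
}


def fetch_file(path: str) -> str:
    """Hypothetical provider API call: returns the content of one file."""
    return SAMPLE_REPO[path]


@dataclass(frozen=True)
class Finding:
    """Everything the analysis keeps about a file: location, rule, and a
    hash that ties the result to a revision without keeping the text."""
    path: str
    line: int
    rule: str
    content_sha256: str


# Toy rules: each maps a rule name to a regex matched per line.
RULES = {
    "hardcoded-secret": re.compile(r"^\s*(PASSWORD|SECRET|API_KEY)\s*=\s*['\"]"),
    "debug-enabled": re.compile(r"^\s*DEBUG\s*=\s*True\b"),
}


def analyse(path: str, fetch: Callable[[str], str] = fetch_file) -> List[Finding]:
    """Fetch the file, scan it in memory, return findings only.

    The content is a local variable that goes out of scope on return;
    it is never written to disk or included in the returned objects.
    """
    content = fetch(path)
    digest = hashlib.sha256(content.encode("utf-8")).hexdigest()
    findings: List[Finding] = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, digest))
    return findings


def storage_record(findings: List[Finding]) -> str:
    """The only thing that lands in persistent storage: a JSON list of findings."""
    return json.dumps([asdict(f) for f in findings], sort_keys=True)


def leaks_source(record: str, repo: Dict[str, str]) -> bool:
    """Defender's check: does any non-trivial source line appear verbatim
    in what we are about to store? Lines shorter than four characters are
    ignored to avoid false positives on braces and the like."""
    for content in repo.values():
        for line in content.splitlines():
            stripped = line.strip()
            if len(stripped) >= 4 and stripped in record:
                return True
    return False


if __name__ == "__main__":
    results = []
    for file_path in SAMPLE_REPO:
        results.extend(analyse(file_path))
    record = storage_record(results)
    print(record)
    print("source leaked into storage:", leaks_source(record, SAMPLE_REPO))
```

Running the block prints the findings record (file path, line number, rule name, and the SHA-256 of the analysed content) and reports `False` for the leak check; the `hunter2` value that the toy rule flagged is never part of what gets stored.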

We hope we have answered this question well. If you have more questions, do not hesitate to contact us.
