Security processes and secure data management
|CloudBees SDM is a preview, with early access for select preview members. Product features and documentation are frequently updated. If you find an issue or have a suggestion, please contact CloudBees Support. Learn more about the preview program.|
CloudBees has a dedicated operations team that manages the CloudBees production environment and other environments within the CloudBees infrastructure.
Production data and infrastructure for CloudBees SDM are housed in a production environment accessible only to operational team members and lead CloudBees SDM product engineers. This is a very small, core group.
All commits to the CloudBees SDM codebase have to go through a pull request review by at least one other team member before being merged into the master branch.
Deployments are done automatically by the continuous integration system. Only the CI system has the credentials to deploy to the staging and production environments.
At present, data is stored in perpetuity. A CloudBees Operations engineer with the correct permissions can purge data as a manual action on request.
No passwords or security credentials are stored in the source code. All credentials are securely stored in a secrets management system, either Vault or as Kubernetes
secrets. The production infrastructure reads these credentials dynamically at startup. Only the production infrastructure has the credentials to read this data from Vault; engineers do not.
CloudBees SDM has been architected to support a multi-tenancy environment that uses record-level isolation so that data in each row is specific to a user profile in the database. Other customers cannot search or view your data. Customers do not have direct access to their data and can only view their own information via the CloudBees SDM user interface. Customer-specific integration data such as GitHub Enterprise credentials are stored in a separate configuration store/database and encrypted at rest in the same manner as other services (see below).
This is done on each merge to the master branch of the CloudBees SDM front-end repository. The SonarQube quality profiles and gates have been tuned for each project to help separate the signal from the noise.
The CloudBees SDM service is hosted in a Virtual Private Cloud in Google Cloud Platform (GCP) from one of Google’s data centers in the United States, currently in us-central1.
Data is stored in PostgreSQL and encrypted at rest.
All information and requests are transmitted over HTTPS. Data in transit uses Transport Layer Security 1.2 (TLS1.2). Data is also encrypted at rest and in transit. All data is encrypted in transit between the end-user and the CloudBees SDM; and between third-party systems, such as GitHub and Jira, and CloudBees SDM.
We specify current strong cipher suites and continue to monitor industry trends and best practices via external monitoring to ensure we’re up to date with our cipher suite listing.
Data is scoped at the organization profile level, and data identifiers are prefixed with an organization’s unique id, created when the user profile is generated.