Product Updates
March 6, 2024

How We Keep Your Code Safe at DryRun Security

At DryRun Security we leverage Contextual Security Analysis and the power of LLMs to make discoveries about your code changes in near real time. 

We’re able to accomplish some amazing things with our Contextual Application Security Testing (CAST) tool that traditional SAST (Static Application Security Testing) tools miss, but we realize that when we say we’re using LLMs (Large Language Models, aka Generative AI), it can cause a feeling of discomfort for some people.

So today I want to let you in on what our team has been doing to ensure that your code is safe with us.

How We Keep Your Code Safe

Permissions are Held by GitHub, Not Us

Granting access to your codebase is a significant decision. That's why we empower you with control. Our app seamlessly integrates with GitHub, enabling you to dictate permissions and revoke access instantly, right from GitHub.com.

Safeguarded by a Private LLM

While the buzz around AI technologies like GenAI and Large Language Models (LLMs) may spark concern, rest assured that we prioritize the security of your code. DryRun Security employs its own private LLM, ensuring finer-grained privacy mechanisms and an architecturally segregated infrastructure. Your data isn’t being fed through a public AI system.

Increase Confidentiality With Ephemeral Microservices

Powered by a serverless architecture, our ephemeral microservices guarantee that once a task is completed, your code vanishes from our analysis engine. This approach ensures the transient nature of your code within our system, bolstering the confidentiality and integrity of your proprietary information.

Prioritize Security by Storing Key Markers, Not Code

Instead of retaining data from your repositories, we analyze and store key data points. These include language and framework types, notable dependencies, template language specifics, and data store usage. This allows us to build context for our analyzers without compromising the security of your code.

Ensure Reliability Via Independent Audits 

To underscore our commitment to security, we subject our infrastructure to quarterly audits and assessments by a third-party security auditor.

For more details on how we keep your code safe, visit https://www.dryrun.security/code-safety.

What You Can Expect

Security is our expertise and the core of our product. Protecting your code and data is of utmost importance to us, and we take our responsibility to you, our users, very seriously. We are users of our own product, so when we say we take your security and privacy as seriously as we do our own, we truly mean it.

We strive to give you the best experience in finding risky code changes before you commit them. If you haven’t experienced DryRun Security for yourself, install it today and get the power of a Contextual Application Security Testing (CAST) tool on your very next pull request. Or, schedule some time with me and I’d be happy to personally give you a demo. 

Book a demo using this link and I’ll personally show you how context makes all the difference for application security testing with DryRun Security.