At DryRun Security we leverage Contextual Security Analysis and the power of LLMs to make discoveries about your code changes in near real time.
We’re able to accomplish some amazing things with our Contextual Application Security Testing (CAST) tool that traditional SAST (Static Application Security Testing) tools miss, but we realize that when we say we’re using LLMs (Large Language Models, aka Generative AI), it can cause a feeling of discomfort for some people.
So today I want to let you in on what our team has been doing to ensure that your code is safe with us.
How We Keep Your Code Safe
Permissions are Held by GitHub, Not Us
Granting access to your codebase is a significant decision. That's why we empower you with control. Our app seamlessly integrates with GitHub, enabling you to dictate permissions and revoke access instantly, right from GitHub.com.
Safeguard by a Private LLM
While the buzz around AI technologies like GenAI and Large Language Models (LLMs) may spark concern, rest assured that we prioritize the security of your code. DryRun Security employs its own private LLM, ensuring finer-grained privacy mechanisms and an architecturally segregated infrastructure. Your data isn’t being fed through a public AI system.
Increase Confidentiality With Ephemeral Microservices
Powered by a serverless architecture, our ephemeral microservices guarantee that once a task is completed, your code vanishes from our analysis engine. This approach ensures the transient nature of your code within our system, bolstering the confidentiality and integrity of your proprietary information.
Prioritize Security by Storing Key Markers, Not Code
Instead of retaining data from your repositories, we analyze and store key data points. These include language and framework types, notable dependencies, template language specifics, and data store usage. This allows us to build context for our analyzers without compromising the security of your code.
Ensure Reliability Via Independent Audits
To underscore our commitment to security, we subject our infrastructure to quarterly audits and assessments by a third-party security auditor.
For more details on how we keep your code safe visit https://www.dryrun.security/code-safety.
What You Can Expect
Security is our expertise and the core of our product. Protecting your code and data is of utmost importance to us and we take our responsibility to you, our users, very seriously. We are users of our own product so when we say we take your security and privacy as seriously as we do our own, we truly mean it.
We strive to give you the best experience in finding risky code changes before you commit them. If you haven’t experienced DryRun Security for yourself, install it today and get the power of a Contextual Application Security Testing (CAST) tool on your very next pull request. Or, schedule some time with me and I’d be happy to personally give you a demo.
Book a demo using this link and I’ll personally show you how context makes all the difference for application security testing with DryRun Security.
