Hakiri is hosted on Amazon Web Services (AWS) servers. This cloud provider hosts thousands of sensitive apps and takes security very seriously. You can read more about AWS security practices and compliance on their website.
Access to all Hakiri services is restricted to HTTPS-encrypted connections. All web connections are encrypted using CAMELLIA_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. All Hakiri API calls performed by Hakiri Toolbelt are restricted to HTTPS-encrypted connections as well.
Hakiri needs access to your GitHub repositories for its code and dependency scanning functionality. You grant this access to the Hakiri application during GitHub permissions setup. We never execute code that is pulled from your GitHub repositories, nor do we keep a long-term copy of it on our servers. Your source code is analyzed with a static code analyzer, which, depending on the size of the repository, can take up to several minutes. Once it’s analyzed, Hakiri automatically deletes the downloaded repo from our servers. At no point does any human look at the code that is cloned by Hakiri.