How secure is Upsource about my repositories and codes?

I simply want to know how secure Upsource is. For example, I want to confirm that:

(1) my code passes from Github repos to my local Upsource server through secure channels/straightforward Git protocol without any in-between third parties

(2) my local Upsource server does not mutate any Github repo states or settings; it only reads the codes

(3) my local Upsource server does not upload my code to anywhere else

(2) the code stored on my local server is not easily accessible for someone without credentials


I greatly appeciate it if you could help me evaluate some of these concerns or come up with other useful caveats. Thanks a lot.

Comment actions Permalink

Hi Tao,

No concerns about security:

1. Yes, Upsource uses git protocol to fetch data from the repository (namely Upsource uses jgit client) and using those credentials/type of connection you have specified in the project settings.

2. Upsource only reads data and doesn't change anything on the repo side.

3. No, Upsource doesn't upload your code "anywhere else".

4. Exactly, you have to have Upsource credentials to access the code (Don't forget to disable guest account J)

Hope it helps.

Comment actions Permalink

Your information helps. Thanks!


Please sign in to leave a comment.