Fort Knox,
encrypted.

We take security seriously. Like bank level security. Don’t just take our word for it, we can back that up.

     .------.
    / .----. \
   / /      \ \
   | |      | |
  _| |______| |_
.' |_|      |_| '.
'._____ __ _____.'
|     .'__'.     |
'.__.'.'  '.'.__.'
'.__  |    |  __.'
|   '.'.__.'.'   |
'.____'.__.'____.'
'.______________.'

1. We don't store your code.
We never store a single line of your code. We only analyse team contributions to determine the best owner. We don't touch your code and we never will.

2. We only request access to what we need.
We only need permission to access team structure and PR contributions. We will only open PRs to provide our recommendations and never merge a single line of code. That's completely up to you.

3. OAuth first authentication.
We let GitHub handle authentication since they are the experts at managing code access. Using OAuth to access CODEOWNERS, you can always remove our application or remove access to your account through GitHub settings. Quick and painless.

4. Secure integrations.
We only use external services that are fully encrypted and safe. All of our vendors have SOC2 compliance and very strict security measures.

5. SOC2 Compliant.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. We are currently in the process of waiting for our final approval. All tests for SOC2 are currently compliant.

6. All traffic is encrypted.
All of our traffic, in and out of CODEOWNERS in encrypted. That means no one can hijack a transaction or a message and save it for themselves. We also host all of our infrastructure in the same place to avoid external dependencies.

7. US/NY based infrastructure.
We host all of our servers and DBs within the same region/datacenter to avoid external access.

8. CI/CD with definitive PR protocols.
All deploys are handled through our very strict CI/CD tests and processes. All PRs must pass through our strict review and QA process before ever being deployed.

9. Regular pen testing.
We execute regular pen tests on our infrastructure to make sure our API doesn't leave any blind spots. We are extremely diligent to make sure everything is running smoothly.

10. Continuous monitoring.
We monitor every transaction on our server to avoid any errors while you use CODEOWNERS.com. Our team is monitoring constantly to make sure everything is running smoothly, with the help of robots 🤖.

11. Threat detection, DDoS protection.
With the help of our partners at Cloudflare, we are protected from DDoS attacks and other threats. You never know when someone wants to show up at the party without an invitation.

Stop guessing.
Find out exactly who knows best.

Install the extension on GitHub now and get started.

Install with GitHub