Puzl is committed to providing a secure environment for the Cloud Pipelines service. The approach to security is focused on safeguarding of infrastructure and the customers' data, adhering strictly to industry best practices and compliance standards.
Our data centers are Tier II or Tier III certified. This includes redundant-capacity components and multiple independent distribution paths serving the IT equipment. Data centers employ rigorous physical security measures, such as 24/7 surveillance, limited access controls, and secure perimeter defenses, ensuring the physical integrity and protection of our infrastructure against unauthorized access or environmental threats.
Puzl implements enhanced security measures to protect the environments in which your pipeline jobs and runners do operate:
Source Code Security: We ensure that all communication with the version control system to access source code is encrypted using SSH and/or HTTPS.
Dynamic KVM Allocation for Pipeline Jobs: Each pipeline job is executed within its own dynamically spawned Kernel-based Virtual Machine (KVM), starting from a clean state. This ensures complete isolation and a secure, controlled environment for every job.
Environment Variable Encryption: All environment variables used within your pipeline jobs are encrypted in-flight before they enter the isolated Kernel-based Virtual Machine (KVM). This ensures that they are never stored unencrypted outside of the memory.
Network Isolation: Each runner and each pipeline job is isolated not only from external networks but also from each other, ensuring no cross-access or interference.
No Storage of Standard Output: The standard output (stdout) of pipeline jobs is not stored, maintaining the confidentiality of the runtime data.
Ephemeral Filesystem: Our system uses an ephemeral filesystem during runtime. This filesystem is completely erased after the job's completion, preventing any accidental data storage.
OpenID Connect: Our system supports authentication via OpenID Connect, allowing secure access control to all user resources.
Security architecture of puzl.cloud includes multi-layered defense mechanisms, such as firewalls, isolated networks, and segregated Kubernetes clusters. These isolated clusters enhance the security of our containerized applications by providing an additional layer of isolation and control.
EU GDPR Compatible: Puzl is fully compliant with the General Data Protection Regulation (GDPR), ensuring the highest standards of user data privacy and security. For more details, please refer to our Data Processing Terms.
Configuration Policies: We enforce strict organizational compliance limiting as much as possible the amount of employees which have access to user workloads and data.
Secure Data Transfer: All data in transit is encrypted using industry-standard protocols.
Encrypted Sensitive Data: The content of all Secrets is encrypted.
Isolated Data Storage: Puzl implements stringent isolation measures for persistent data storage, ensuring that data at rest is also securely segregated and protected against unauthorized access or breaches.
puzl.cloud's development practices are designed with a strong focus on security, encompassing multiple layers of safeguards:
Secure Coding: Our developers strictly adhere to secure coding standards, aiming to minimize vulnerabilities right from the development phase.
Controlled Release Process: Each release undergoes a thorough review and control process. This ensures that only secure, vetted changes are deployed into production, reducing the risk of introducing potential security issues.
Application-level Security Testing: We conduct rigorous testing against common security risks, ensuring our applications are resilient against a wide range of vulnerabilities.
At Puzl, we encourage reporting of any security concerns or vulnerabilities and strive to resolve them at the high priority level for prompt action.
To report an issue or incident:
Immediate Notification: Contact us immediately at
firstname.lastname@example.org a detailed description of the issue.
Responsible Testing: Please conduct any testing against simulated or fake data and accounts. Avoid using real user data. If necessary, request a test account from us.
Collaborative Resolution: Work with our team to understand and remediate the vulnerability before any public disclosure, to ensure the protection of all users' data.
Please note that puzl.cloud does not operate a bug bounty program. We do not offer financial rewards for vulnerability disclosures. However, we value your contributions towards enhancing the security of our ecosystem and encourage responsible reporting practices.