Security

BugProve is a cloud-native application running on AWS. Our architecture is designed to take advantage of managed services as much as possible, reducing the attack surface of the whole application, enabling infrastructure level at-rest encryption, and helping us achieve high availability through zone-redundant services. Scans are run in ephemeral containers, in an environment isolated from the internet and from our other services.

We validate our security posture by periodic internal security architecture reviews and external penetration tests. The report for the latest penetration test is available on request.

Availability

We designed our architecture to be resistant to the failure of a single availability zone in the hosting region. User data is also replicated to a paired region for disaster recovery. For incidents involving the loss of user data, we have an RPO of 15 minutes, with an RTO of 24 hours.

You can track the availability of our services and subscribe to notifications related to service outages and incidents at status.bugprove.com.

Reporting security issues

See our public Vulnerability Reporting and Coordinated Disclosure Policy, or our security.txt file.

On-premise version

If your internal security requirements prevent you from using BugProve’s cloud version, you can set up an on-premise deployment of BugProve. We have designed our on-premise version to be able to function in a completely offline air-gapped environment. Contact us if you are interested in trying our on-premise offering.