Datree was developed with security as a top priority, ensuring that sensitive data is never unnecessarily used or exposed. This page addresses security-related aspects of Datree and its components.
Where are the policy check evaluations performed?
Datree's policy evaluation process is entirely local. Only minimal metadata is sent to our backend; that metadata is what the dashboard uses to display your policy check results, so you can see where your misconfigurations are and how to fix them.
What does the metadata sent to the backend contain?
- Identification data - required for the backend to identify the user. Examples: client ID, account ID.
- Software data - information about the machine on which Datree was run, to be displayed in the dashboard. Examples: OS version, CLI flags.
- Policy data - data related to the policy that was evaluated. Examples: policy name, rules to be evaluated.
- Evaluation data - results of the policy check. Examples: name of tested resource, number of passed/failed rules.
Are my files and their content sent/stored anywhere?
Your files and their contents are not sent to our backend, as the policy check is performed locally (in your environment). Datree does not have access to your files and their contents.
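A practitioner does not have to take this on trust: capture the request body the CLI sends to the backend (for example with an intercepting proxy you control), then check that nothing from the evaluated manifest appears in it beyond the metadata listed above. The script below is an added example and is not Datree's code; the manifest, the payload field names and the rule identifier are constructed for illustration and do not describe Datree's real request format.

```python
"""Verify that only metadata (not file contents) left the machine.

Added example, not Datree's code. Assumes you captured the request body the
CLI sent to the backend (for instance with an intercepting proxy you control)
and loaded it as JSON. The manifest and the payload field names below are
constructed for illustration and do not describe Datree's real request format.
"""
import copy
import json
import re

# Constructed sample: the manifest that was evaluated locally.
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api
spec:
  template:
    spec:
      containers:
        - name: api
          image: registry.example.com/payments:1.4.2
          env:
            - name: DB_PASSWORD
              value: hunter2-secret
"""

# Values the page says legitimately reach the backend as evaluation data
# (the name of the tested resource). Anything else from the manifest is a leak.
EXPECTED_METADATA = {"payments-api"}

# Constructed capture that matches the metadata categories on this page;
# field names and the rule id are hypothetical.
CLEAN_PAYLOAD = {
    "clientId": "example-client",           # identification data
    "accountId": "example-account",
    "os": "linux",                          # software data
    "flags": ["--output", "json"],
    "policyName": "Default",                # policy data
    "rules": ["RULE_IMAGE_TAG_PINNED"],
    "results": [                            # evaluation data
        {"resourceName": "payments-api", "passed": 3, "failed": 1},
    ],
}

# Constructed capture of a client that echoes manifest contents into a
# failure message: the kind of thing this check is meant to catch.
LEAKY_PAYLOAD = copy.deepcopy(CLEAN_PAYLOAD)
LEAKY_PAYLOAD["results"][0]["message"] = (
    "env var DB_PASSWORD has literal value hunter2-secret"
)


def manifest_values(manifest_text):
    """Scalar values from simple 'key: value' / '- key: value' YAML lines."""
    values = set()
    for line in manifest_text.splitlines():
        item = line.strip().lstrip("- ").strip()
        key, sep, value = item.partition(":")
        value = value.strip().strip("'\"")
        if sep and value:
            values.add(value)
    return values


def string_leaves(obj):
    """Every string anywhere inside a decoded JSON document."""
    if isinstance(obj, dict):
        for child in obj.values():
            yield from string_leaves(child)
    elif isinstance(obj, list):
        for child in obj:
            yield from string_leaves(child)
    elif isinstance(obj, str):
        yield obj


def leaked_values(manifest_text, payload, allowed=EXPECTED_METADATA):
    """Manifest values found verbatim in the payload that are not expected metadata.

    A value counts as present only as a whole token (not as a substring of
    another identifier), so 'api' is not reported because of 'payments-api'.
    """
    leaves = list(string_leaves(payload))
    found = set()
    for value in manifest_values(manifest_text) - allowed:
        pattern = re.compile(r"(?<![\w./:-])" + re.escape(value) + r"(?![\w./:-])")
        if any(pattern.search(leaf) for leaf in leaves):
            found.add(value)
    return found


if __name__ == "__main__":
    for label, payload in (("clean", CLEAN_PAYLOAD), ("leaky", LEAKY_PAYLOAD)):
        leaks = leaked_values(SAMPLE_MANIFEST, payload)
        print(f"{label}: {len(json.dumps(payload))} bytes sent, leaked={sorted(leaks)}")
```

The allowlist is the part to adapt: it should contain exactly the manifest values the metadata list above says may be sent (here, the tested resource's name). Any other manifest value the check reports, such as an image reference or an environment variable value, is content leaving your environment and is worth raising.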
What network protocols are used for communication between the CLI and the dashboard?
All communication between the CLI and the backend is done over HTTPS, that is, HTTP encrypted with TLS (the successor to SSL), configured with industry best practices in mind.
What account details are stored?
Registration is supported via Google or GitHub sign-in only, so we do not require (and therefore do not store) any signup details such as a password. Only your email address is stored.
What can a stolen token be used for?
Tokens are used to connect your policy checks to your dashboard. A token grants no access to your files: should one be stolen, it cannot be used to read them. Because a token is what associates a policy check with your dashboard, whoever holds it can report checks to your dashboard, so we strongly encourage you to keep your tokens private, limit their exposure to the people who need them, and supply them to the CLI from your CI system's secret store rather than committing them to a repository.