Graphite
Graphite is modern code review for fast-moving teams - we help engineers write and review smaller pull requests, stay unblocked, and ship faster.Graphite integrates with GitHub to provide you with an optimized code review experience. You'll be able to:
- Write and publish your own stacked pull requests using the Graphite CLI
- Surface changes that need your attention, and review them with the Graphite dashboard
- Receive notifications for review requests, comments, merges, and more
- Review and merge pull requests without leaving Slack
- Write and publish your own stacked pull requests using the Graphite CLI
- Surface changes that need your attention, and review them with the Graphite dashboard
- Receive notifications for review requests, comments, merges, and more
- Review and merge pull requests without leaving Slack
Permissions
Graphite will be able to view:
Graphite will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Graphite
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
The time period for which Graphite must retain customer data depends on the purpose for which it is used. Graphite must retain customer
data for as long as an account is active or in accordance with the agreement(s) between Graphite and the customer, unless Graphite is
required by law or regulation to dispose of data earlier or retain data longer.
Data archiving and removal policy
Graphite must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s
agreement(s) with Graphite. Graphite may retain and use data necessary for the contract such as proof of contract in order to comply with its
legal obligations, resolve disputes, and enforce agreements. Graphite hosting and service providers are responsible for ensuring the removal
of data from disks allocated to Graphite use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Graphite employees should have access to delete customer data.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device re-issuance in accordance
with NIST Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1).
Data storage policy
Data Protection Principles
We identify Nonpublic data and label it as such
We put in place reasonable and appropriate safe guards to protect access, corruption, and modification to data
We implement least privilege access to sensitive information and review regularly
We limit PII collection, sharing, disclosure, and use to business need
Alternatives to Handling Sensitive Data
To protect ourselves from losing or accidentally leaking sensitive information, Graphite Team Members will avoid handling sensitive information whenever possible (you can’t accidentally share a secret you don’t have). This way, even if a system is compromised, sensitive
information stays safe.
Whenever considering handling of sensitive data, Graphite Team Members attempt to find alternative ways to achieve the same goal without sensitive data. If sensitive information is necessary to achieve our business goals, Graphite Team Members classify the data and work to
ensure that appropriate safeguards are put in place.
Encryption of Sensitive Data
Data In Transit
All data transferred to or from Graphite’s environment happens via industry standard crypto graphic protocols. Every single request is
required to be made via secure https, whether PII is involved or not. Our security certificates all utilize the newest SHA2 family of
cryptographic hash functions.
Graphite uses TLS 1.0 and above, with strong key and message exchange algorithms when ever transmitting sensitive data.
Graphite maintains a list of supported encryption algorithms and review it on an annual basis.
Graphite Team Members have access to and choose secure methods to send sensitive information, if there is a need to share.
Graphite Team Members will never send Confidential data unencrypted.
Data at Rest
Graphite encrypts all data in our network at rest using AES256. We use a Key Management System to support the effective rotation of
encryption keys. All devices accessing or storing Confidential data employ system level data encryption.
Password Storage
Graphite only stores passwords that have been hashed and salted if we store passwords at all. Where appropriate, we may use dedicated
password management systems that implement this for us.
We never store passwords without first hashing them using a secure password hashing algorithm we’ve explicitly approved. In addition, we
“salt” all hashed passwords to prevent “dictionary attacks”.
In short, an attacker can never use the hashed password stored with Graphite to “guess” a user’s password.
Passwords are never hardcoded. Sometimes, our systems need to use authentication to inter act with other systems, either internal or
external. In those cases, we use secrets managers and dedicated key management systems to pass credentials (like API keys) as environment
variables during the server provisioning process, so that they are only stored securely “in memory".
Backup Policy
To prevent loss of data, we perform regular backups of our system databases. We do it accord ing to a set schedule, at a time of minimal
impact to the System.
Database backups are generated at least every day and maintained for at least 7 days.
Database backups are stored in a separate physical location from production databases to provide redundancy
Graphite Team Members handle information archived for backup purposes following the same confidentiality classification of the original
information.
Our software defined architecture (IaC) allows us to retain known good, version controlled con figurations of our network architecture and
enables rapid restoration of services in the event of a disruption.
App/service has sub-processors
no
Certifications & compliance
SOC attestation
Data deletion request procedure
Graphite must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s
agreement(s) with Graphite. Graphite may retain and use data necessary for the contract such as proof of contract in order to comply with its
legal obligations, resolve disputes, and enforce agreements. Graphite hosting and service providers are responsible for ensuring the removal
of data from disks allocated to Graphite use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Graphite employees should have access to delete customer data.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device re-issuance in accordance
with NIST Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1).
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2023-01-10
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
GitHub
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
yes
Contact for security issues
security@graphite.dev
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
yes
Uses token rotation
no