Security Overview
info
Security is of paramount importance to us. If you have any questions or concerns, please contact us.
Contact usSupply Chain Security
Artillery.io uses a software development process centered around continuous integration, deployment and verification, with security effort applied throughout the development and release cycle.
We use a number of security best-practices to ensure security in our development and deployment processes:
MFA and single sign-on is used and enforced across all services we use and depend on
We use CI (and CD where appropriate), with protected main/deployment branches
Static security analysis and scanning of application and infrastructure code, libraries and other dependencies with automated alerting
Centralized logging for auditing and alerting
Infrastructure as code with all infrasttructure & configuration changes going through CICD
AWS best practices: Assume Role for access to AWS resources, with CloudTrail logs for auditing. AWS Audit Manager and Security Hub for continuous verification of our configuration against industry standards:
- AWS Foundational Security Best Practices v1.0.0
- CIS AWS Foundations Benchmark v1.2.0
We are actively working on expanding the list of security benchmarks for our systems.
We use an MDM solution for endpoint security on all employee and contractor devices
All customer and user data is stored and processed by third-party suppliers (see Vendor Security), subject to industry-standard security & compliance processes
Questions? Please contact us with your inquiry.
Solution Security
Please see Solution Security
Physical Security
Artillery.io production and development infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls for Artillery.io servers, which includes buildings, lock, and key security, are managed by those CSPs. See Vendor Security for more details.
Corporate Security
Transport level security for network access is enforced for all services Artillery.io depends on (internal and external). Users are authenticated by way of a central identity provider with use of single sign-on and multi-factor authentication (including the use of physical MFA tokens where possible).
Vendor Security
Artillery.io leverages a number of third-party applications & services to support the delivery of our products to customers.
Some of our key subprocessors are listed below. If you'd like a copy of the full vendor list, please contact us to request a copy.
| Vendor | Residency | Type of Service |
|---|---|---|
| Amazon Web Services, Inc | United States | Cloud infrastructure |
| Google LLC (G Suite) | United States | Email and office applications |
| Github, Inc | United States | Internal collaboration |
| Circle Internet Services, Inc | United States | Continuous integration services |
| Datadog, Inc | United States | Monitoring, logging and analytics |
| Mailgun Technologies, Inc | United States | Email and office applications |
| Slack Technologies, Inc | United States | Messaging services |
| Stripe, Inc | United States | Payment processing |
| Chargebee, Inc | United States | Billing services |
| Notion Labs, Inc | United States | Internal collaboration |
| Snyk, Ltd | United Kingdom | Security scanning |