Security Practices

Last updated: April 14, 2026

Security is foundational to EnsureFix. We handle your source code and repository credentials, so we take a defense-in-depth approach to protecting your data at every layer.

Encryption

In Transit

All data transmitted between your browser, our servers, and third-party services is encrypted using TLS 1.2+.

At Rest

  • VCS credentials (GitHub tokens, GitLab tokens, etc.) are encrypted using AES-256-GCM with unique initialization vectors per entry.
  • Passwords are hashed using bcrypt with a cost factor of 12.
  • Encryption keys are stored separately from the database and rotated periodically.

Authentication & Access Control

  • Session tokens: JWT-based, stored in HttpOnly, Secure, SameSite=Strict cookies with 24-hour expiry.
  • Token revocation: immediate logout invalidates the session server-side.
  • Account lockout: automatic lockout after repeated failed login attempts.
  • Role-based access: viewer, developer, admin, and platform_admin roles with granular permissions.
  • Organization isolation: all data queries are scoped by organization ID — users can never access another organization's data.

Application Security

  • SQL injection: all database queries use parameterized prepared statements.
  • SSRF protection: server-side URL fetching blocks private IP ranges (RFC 1918, link-local, loopback) and allowlists known VCS domains.
  • Command injection: all subprocess calls use argument arrays, never shell string interpolation.
  • XSS protection: React's default JSX escaping prevents cross-site scripting.
  • Rate limiting: API endpoints are rate-limited to prevent abuse.
  • Error handling: error responses return generic messages; internal details are logged server-side only.
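The SSRF control above combines two checks: an allowlist of VCS domains and a block on private, loopback and link-local addresses. The following is an added illustration of that pattern, not EnsureFix's own code; the allowlisted host names, the constructed URLs and the function names are assumptions made for the example.

```python
# Added example (not EnsureFix's code): URL validation for server-side fetches.
# Layer 1: only allowlisted VCS hosts may be fetched.
# Layer 2: IP literals (and later, resolved addresses) in private, loopback,
# link-local or otherwise non-routable ranges are rejected outright.
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment loads the hosts it actually integrates with.
ALLOWED_VCS_HOSTS = {"github.com", "api.github.com", "gitlab.com"}


def is_blocked_address(ip: str) -> bool:
    """True if the address must never be fetched: RFC 1918 private ranges, loopback,
    link-local, multicast, reserved or unspecified. Raises ValueError when the
    string is not an IP literal."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 literal (::ffff:10.0.0.1) is judged by the embedded IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_fetch_url(url: str) -> tuple[bool, str]:
    """Decide whether a user-supplied URL may be fetched server-side.

    Returns (allowed, reason). Only https is accepted, embedded credentials are
    refused, an IP literal is never allowlisted, and a DNS name must be on the list."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme not https"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        # IP literal: give the specific reason for blocked ranges, reject the rest anyway.
        if is_blocked_address(host):
            return False, "address in blocked range"
        return False, "IP literal not in allowlist"
    except ValueError:
        pass  # a DNS name, fall through to the allowlist check
    if host.lower().rstrip(".") not in ALLOWED_VCS_HOSTS:
        return False, "host not in allowlist"
    return True, "ok"


def check_resolved_address(ip: str) -> bool:
    """Second gate, applied to the address actually connected to after DNS
    resolution and again on every redirect, so a name that passed the allowlist
    but resolves to an internal address is still refused."""
    return not is_blocked_address(ip)
```

The second gate matters because the allowlist is checked against a name, while the connection is made to an address; applying `check_resolved_address` at connect time (and on each redirect hop) closes the gap between the two.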

Audit Logging

  • All security-relevant actions (logins, permission changes, commits, plan approvals) are recorded in an immutable audit log.
  • Audit entries are linked in a SHA-256 hash chain, so any modification of an entry is detectable.
  • Database triggers prevent UPDATE and DELETE operations on audit records.
  • Audit logs are retained for 7 years for compliance purposes.
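An added example of the hash-chain idea behind the audit log, written for this page and not taken from EnsureFix's implementation: each record commits to the hash of the one before it, so an edited or deleted record breaks every link after it. The entry fields, event contents and function names are constructed for illustration.

```python
# Added example (not EnsureFix's code): a SHA-256 hash chain over audit entries.
# Each entry stores prev_hash (the previous entry's hash) and its own hash over
# prev_hash + canonical payload, so altering or removing a record is detectable.
import hashlib
import json

GENESIS_HASH = "0" * 64  # the link "before" the first entry


def canonical(payload: dict) -> bytes:
    """Stable serialization so the same event always hashes identically."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, payload: dict) -> str:
    return hashlib.sha256(prev_hash.encode() + b"\n" + canonical(payload)).hexdigest()


def append_entry(chain: list[dict], payload: dict) -> dict:
    """Append an audit event, linking it to the previous entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    entry = {"seq": len(chain), "prev_hash": prev_hash, "payload": payload,
             "hash": entry_hash(prev_hash, payload)}
    chain.append(entry)
    return entry


def verify_chain(chain: list[dict]) -> tuple[bool, int]:
    """Recompute every link. Returns (True, -1) when intact, otherwise
    (False, index) of the first entry whose link or content hash is wrong."""
    prev_hash = GENESIS_HASH
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev_hash"] != prev_hash:
            return False, i  # a record was removed, reordered or inserted
        if entry["hash"] != entry_hash(prev_hash, entry["payload"]):
            return False, i  # the record's own content was altered
        prev_hash = entry["hash"]
    return True, -1


def demo_tamper() -> tuple[tuple[bool, int], tuple[bool, int], tuple[bool, int]]:
    """Build a constructed chain, verify it, then tamper with it in two ways."""
    chain: list[dict] = []
    append_entry(chain, {"action": "login", "user": "alice", "ts": "2026-04-14T09:00:00Z"})
    append_entry(chain, {"action": "permission_change", "user": "alice", "role": "admin"})
    append_entry(chain, {"action": "plan_approved", "user": "bob", "plan": "plan-17"})
    intact = verify_chain(chain)

    edited = json.loads(json.dumps(chain))       # deep copy
    edited[1]["payload"]["role"] = "viewer"      # a silent UPDATE of one field
    modified = verify_chain(edited)

    truncated = json.loads(json.dumps(chain))
    del truncated[1]                             # a DELETE of a middle record
    removed = verify_chain(truncated)
    return intact, modified, removed
```

One caveat the chain alone does not cover: dropping the most recent entries leaves a shorter chain that still verifies, so the latest hash needs to be anchored somewhere the writer of the log cannot change (a separate store or periodic external checkpoint). Database triggers that refuse UPDATE and DELETE, as the page describes, address the same gap from the storage side.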

Webhook Security

  • GitHub webhooks: verified using HMAC-SHA256 signature validation.
  • GitLab webhooks: verified using the X-Gitlab-Token header.
  • Deduplication: webhook deliveries are deduplicated by delivery ID and payload hash to prevent replay attacks.
  • Organization resolution: webhooks are routed to the correct organization based on repository registration — no default fallbacks.
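The verification and deduplication steps above, shown together as an added example that is not EnsureFix's code. GitHub sends an HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header as "sha256=<hex>" and a unique X-GitHub-Delivery ID; GitLab sends the configured secret verbatim in X-Gitlab-Token. The secret, body, delivery IDs and the handler's structure are constructed for the example.

```python
# Added example (not EnsureFix's code): webhook authenticity and replay checks.
# Signature and token comparisons use hmac.compare_digest so that a wrong value
# takes the same time to reject regardless of how many leading bytes match.
import hashlib
import hmac


def verify_github_signature(secret: bytes, body: bytes, signature_header: str) -> bool:
    """Recompute HMAC-SHA256 over the exact raw body and compare in constant time."""
    if not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature_header.encode())


def verify_gitlab_token(secret: str, token_header: str) -> bool:
    """GitLab's header carries the configured secret itself; still compare timing-safe."""
    return bool(token_header) and hmac.compare_digest(secret.encode(), token_header.encode())


class DeliveryDeduplicator:
    """Refuses a delivery whose ID or payload hash has been seen before, so a
    replayed request is not processed twice even if its signature is valid."""

    def __init__(self) -> None:
        self._seen_ids: set[str] = set()
        self._seen_payloads: set[str] = set()

    def accept(self, delivery_id: str, body: bytes) -> bool:
        digest = hashlib.sha256(body).hexdigest()
        if delivery_id in self._seen_ids or digest in self._seen_payloads:
            return False
        self._seen_ids.add(delivery_id)
        self._seen_payloads.add(digest)
        return True


def handle_github_delivery(secret: bytes, headers: dict, body: bytes,
                           dedup: DeliveryDeduplicator) -> str:
    """Check order: authenticity first, then replay; only then would the event be routed."""
    if not verify_github_signature(secret, body, headers.get("X-Hub-Signature-256", "")):
        return "rejected: bad signature"
    if not dedup.accept(headers.get("X-GitHub-Delivery", ""), body):
        return "rejected: duplicate delivery"
    return "accepted"


def sign_for_test(secret: bytes, body: bytes) -> str:
    """Builds the header value a legitimate sender would attach (used to construct test input)."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
```

The signature must be computed over the raw bytes as received, before any JSON parsing or re-serialization, since a single reformatted byte changes the digest. The in-memory sets here stand in for a persistent store with an expiry window; keying on the payload hash as well as the delivery ID means a re-sent body with a fresh ID is also caught.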

AI Processing Security

  • Code is transmitted to Anthropic's Claude API over encrypted connections (TLS).
  • Anthropic does not use API-submitted data to train its models.
  • AI-generated code passes through multiple validation layers before being presented to users: plan quality checks, post-generation validation, and a confidence-based decision engine.
  • High-risk fixes require explicit human acknowledgment before they can be committed.

Infrastructure

  • Self-hosted deployments keep all data within the customer's own infrastructure.
  • SaaS deployments use industry-standard cloud providers with SOC 2 compliance.
  • Internal API communication between the dashboard and worker is authenticated using a shared secret with timing-safe comparison.

Responsible Disclosure

If you discover a security vulnerability in EnsureFix, please report it responsibly. Contact us at security@ensurefix.com. We appreciate your help in keeping EnsureFix secure and will acknowledge your report within 48 hours.