LAST UPDATED: 05 / 10 / 2017
Coveralls Enterprise operates on your infrastructure, which means it is governed by your existing information security controls: from firewalls and VPNs, to IAM and monitoring systems. This on-premises solution can help you avoid the regulatory compliance issues that arise when you use cloud-based solutions. Below is an overview of the security features built into the appliance, along with information about Coveralls's development practices for application security.
Organizations, created on your locally installed GitHub Enterprise instance, are a core concept in Coveralls Enterprise. Membership to and organization on GitHub enterprise grants a user on Coveralls access to all of that organization's repositories.
Coveralls Enterprise provides two primary authentication methods.
Coveralls Enterprise is designed to run behind your corporate firewall. To secure communications over the wire, we encourage you to run Coveralls Enterprise over SSL. An administrator can add 2048-bit or higher commercial SSL certificates for HTTPS traffic.
Coveralls's application security team focuses full-time on vulnerability assessment, penetration testing, and code review for Coveralls products.
By design, Coveralls Enterprise is able to operate without any egress access from your network to outside services. The system administrator can optionally enable the integration of external services such as SMTP.
The system does not attempt to communicate with Coveralls's own servers; however, your system administrator can collect data helpful for troubleshooting any issues, and manually deliver that data to the Coveralls Enterprise Support Team.