Security
Is it safe to use Foresight?
Yes, it is safe. But actions speak louder than words, so our key users are the best sign of our safety.
Here is a list of projects using Foresight:
- WordPress VIP
- Stedi
- Craftgate - a fintech company
- OpenTelemetry
- Keycloak
- PyPA
One of our customers, Craftgate - a fintech company, has been using Foresight with a custom GitHub app, which is fully PCI-DSS compliant. You can watch what they say about it here.
FAQ about Security
Which permissions does the Foresight GitHub app require?
Read access to actions and metadata
For gathering data such as your workflow name, workflow run durations, etc.
This is required for using features such as:
Read and write access to issues, pull requests and checks
For commenting on your pull requests and checks. We don't modify or change any of your PR content, code base, etc.
Does Foresight see / modify / change my code?
Foresight will never store, commit, or modify anything in your code. Your code never goes through Foresight's backend servers at any time. We don't have access to your repository contents, secrets, or administrative information.
If you want to use Foresight's change impact analysis, Foresight only shows the changed lines of code that are not tested, by looking at your PR and code coverage report.
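One way to check an installed app against the permissions this FAQ lists, as an added example that is not Foresight's own code: it compares the `permissions` object GitHub reports for an app installation with the documented set. The function name, the sample record and the mapping of the FAQ wording to GitHub's permission keys are assumptions made for illustration.

```python
import json

# Permissions documented in this FAQ, written as GitHub App permission keys
# (assumed mapping of the FAQ wording to GitHub's key names).
DOCUMENTED = {
    "actions": "read",
    "metadata": "read",
    "issues": "write",
    "pull_requests": "write",
    "checks": "write",
}
# Scopes the FAQ says the app has no access to.
DENIED = {"contents", "secrets", "administration"}
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_installation(installation: dict) -> list[str]:
    """Return findings where granted permissions exceed the documented set."""
    findings = []
    granted = installation.get("permissions", {})
    for scope, level in sorted(granted.items()):
        allowed = DOCUMENTED.get(scope)
        if scope in DENIED:
            findings.append(f"{scope}:{level} granted but FAQ says no access")
        elif allowed is None:
            findings.append(f"{scope}:{level} not listed in FAQ")
        elif LEVEL.get(level, 99) > LEVEL[allowed]:
            # Unknown levels rank highest so they are always flagged.
            findings.append(f"{scope}:{level} exceeds documented {allowed}")
    return findings


# Constructed sample, shaped like one installation entry returned by
# GitHub's GET /orgs/{org}/installations endpoint.
SAMPLE = json.loads("""
{
  "app_slug": "example-ci-app",
  "permissions": {
    "actions": "read", "metadata": "read", "checks": "write",
    "issues": "write", "pull_requests": "write", "contents": "read"
  }
}
""")

if __name__ == "__main__":
    for finding in audit_installation(SAMPLE):
        print(f"{SAMPLE['app_slug']}: {finding}")
```

An empty result means the installation grants nothing beyond what the FAQ documents; any finding is a reason to review the installation's permissions in your organization settings.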
Is there a way to use Foresight without installing your GitHub app?
Yes, with our custom GitHub app solution, you can manage your permissions. This way, you will be in charge of which permissions you grant to Foresight. However, you may lose access to some of the features by limiting some of the permissions.
If you would like to learn more about the Custom GitHub application, please contact us here.