Security at Gitpod

Gitpod is trusted by over 500k developers and companies that are moving their dev environments to the cloud.


Trusted by developer-led companies

freeCodeCamp
DataStax
Shares
Astrato
Redwood

Secure by design.

Storing copies of your source code on countless unsecured devices and networks is bad practice. At the same time, many organisations now have to let their employees work remotely, often under BYOD policies.

With Gitpod, your source code is stored in the cloud and never on the local device: either on the carbon-neutral Google Cloud Platform with our SaaS offering, or on your own cloud infrastructure with Gitpod Self-Hosted. Our native integrations with GitHub, GitLab and Bitbucket create a single access point to your intellectual property, no matter where your developers are or which device they use.

No packages or dependencies are downloaded to users' devices. Gitpod developer environments run in the cloud and are short-lived, which protects local machines and other corporate resources from attacks that rely on executing arbitrary code.

Transparency is key

Have a look at the latest security findings and updates

Industry leading security program

Compliance

Gitpod is a European company committed to security and data privacy. We provide our users with the ability to access and control the information that we collect about them.

Gitpod is built with security in mind and we continuously invest in security best practices. We are currently in the process of becoming SOC 2 compliant, and you can request a copy of our SOC 2 audit report as soon as it is available.

Environment Isolation

Each Gitpod workspace or prebuild runs in a secured single-use container, providing fast startup times without compromising on security.

We create separate user, PID, mount and network namespaces for each Gitpod workspace, and establish an unprivileged node user as root within that user namespace. More details on the technical approach can be found in this talk from our Head of Engineering as well as in this blog post from the container security experts at Kinvolk who stress-tested our namespace layering implementation.
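As an added illustration (not Gitpod's code, and not the project's actual workspace implementation) of the user-namespace step just described: the Linux kernel represents the mapping in /proc/<pid>/uid_map as lines of "<inside_start> <outside_start> <count>", so an unprivileged outside uid such as 1000 can appear as uid 0 inside. The parser and translation helpers below are assumed names of my own; the main() shows the live version of the step, unsharing user, PID, mount and network namespaces and then writing a one-entry map for the calling process.

```c
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEW* flag values */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* One line of /proc/<pid>/uid_map: "<inside_start> <outside_start> <count>". */
struct uid_map { unsigned inside, outside, count; };

/* Parse a uid_map body into out[0..n); returns the entry count, or -1 on a malformed line. */
int parse_uid_map(const char *text, struct uid_map *out, int n) {
    int k = 0, used;
    for (const char *p = text; *p && k < n; p += used) {
        if (sscanf(p, "%u %u %u%n", &out[k].inside, &out[k].outside, &out[k].count, &used) != 3)
            return -1;
        k++;
        while (p[used] == '\n' || p[used] == ' ') used++;   /* skip to the next line */
    }
    return k;
}
/* The uid that outside uid `outside` appears as inside the namespace; -1 if unmapped
 * (the kernel then shows the overflow uid, normally 65534/nobody). */
long outside_to_inside(const struct uid_map *m, int n, unsigned outside) {
    for (int i = 0; i < n; i++)
        if (outside >= m[i].outside && outside - m[i].outside < m[i].count)
            return (long)m[i].inside + (outside - m[i].outside);
    return -1;
}
static int write_file(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    int ok = write(fd, s, strlen(s)) == (ssize_t)strlen(s);
    close(fd);
    return ok ? 0 : -1;
}

/* Demo: unshare user, PID, mount and network namespaces, then map the caller's
 * unprivileged uid to 0 inside (a real sandbox would also map gids and exec a child). */
int main(void) {
    char buf[32];
    unsigned uid = getuid();
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET) != 0) {
        perror("unshare (user namespaces may be disabled or blocked by seccomp here)");
        return 1;
    }
    snprintf(buf, sizeof buf, "0 %u 1\n", uid);   /* inside 0 <- outside uid, length 1 */
    if (write_file("/proc/self/uid_map", buf) != 0) { perror("uid_map"); return 1; }
    printf("outside uid %u is uid %u inside the user namespace\n", uid, (unsigned)getuid());
    return 0;
}
```

Being root inside the namespace grants no capabilities over resources owned by the outer namespace, which is the property the layering relies on.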

Open source

Built in the open, our source code and the way Gitpod is developed are publicly available for review by everyone. Our security posture, disclosure policy and speed of vulnerability handling are highlighted in the following blog post from the security research team at GitLab.

In addition to this, we acknowledge the importance of giving back to the community and have taken steps to support the software supply chain of Gitpod and our customers through the creation of a monetary fund for supporting open-source maintainers.

Authentication and Authorization

Gitpod uses your Git provider's SSO and, by default, all workspace connections are private and authenticated, making them accessible only to the workspace's creator.

Prebuild logs are readable by all members of the corresponding team and no one else.

Encryption

All data, including workspace backups and environment variables, is encrypted at rest using AES-256, and all connections to the Gitpod app, website, workspaces and workspace endpoints are encrypted in transit with TLS.

Thanks

Big thanks to the following people who responsibly disclosed their security findings.


Security Vulnerability Disclosure Policy

We welcome feedback from security researchers and the general public to help improve our security.


Report security concerns

We welcome close collaboration with the worldwide security research community.
