Security

A concise overview of how CodeDig handles source code, analysis metadata, and security reviews.

Data Handling

CodeDig clones your repositories into ephemeral, isolated environments for analysis. Raw source code is not persisted after analysis completes — only the extracted metadata (symbols, dependencies, findings) is stored. Each tenant's data is logically isolated at the database level.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest. API keys and access tokens are hashed before storage. We never log sensitive credentials.

Access Controls

CodeDig uses role-based access control (RBAC) with support for SSO via OIDC, SAML, and LDAP. API access is authenticated via scoped API keys with configurable rate limits.

Compliance

SOC 2 readiness work is planned/in progress, but CodeDig is not claiming completed SOC 2 certification today. We keep public security language current as controls and audits mature. For a fuller current-state summary, see the Trust Center.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@codedig.ai. We appreciate responsible disclosure and will acknowledge your report within 48 hours.

Need more detail?

Review repository access, source-code retention, AI-provider policy, and governance details in the CodeDig Trust Center.