Compliance
CodeRabbit is proud to have achieved external compliance verification with specific standards and can furnish evidence and details regarding the controls implemented related to these benchmarks.
SOC2 Type II
Annual independent security audits verify our controls meet AICPA Trust Service Principles for security.
Request accessGDPR
Comprehensive data privacy measures ensuring full compliance with EU data protection regulations.
Request accessSecurity
Zero-data retention
CodeRabbit communicates with LLM providers to generate code reviews. We send code diffs along with contextual data about the code to improve code reviews and provide better suggestions. The data is encrypted in transit using transport layer security (TLS). Proprietary code is never used to train or improve the models in any way. Queries to the LLMs are ephemeral, and no data is stored or logged by the LLMs.
Complete data isolation
Upon starting a new review, CodeRabbit starts in an isolated environment. Upon finishing the review and finally posting the review comments, CodeRabbit disposes of the environment and no traces of the code are stored on CodeRabbit’s servers. This flow ensures that no parts of the codebase are available outside of the scope and duration of the code review.
Audits and Certifications
CodeRabbit is SOC 2 Type II certified, with a new report released annually. The report describes CodeRabbit's security controls and examines how those controls meet the AICPA Trust Service Principles. It provides an independent assessment of how well CodeRabbit manages data with respect to security, availability, and confidentiality.
How does CodeRabbit help in secure development?
LLM-Powered Code Reviews
CodeRabbit uses LLMs to identify vulnerable coding patterns in real-time during code reviews, suggesting secure alternatives before code is submitted to a PR.
Comprehensive Security Scanning
Our platform offers robust security tools for code scanning, secret scanning, and vulnerability detection, helping to identify issues like hardcoded keys, credentials, and SQL injections to safeguard your codebase.
Pre-PR Security Verification
CodeRabbit verifies the absence of insecure coding patterns before posting code review PRs, ensuring compliance and protecting your code from threats.
Our privacy policy
Does CodeRabbit collect and process data?
Metadata
Code
Metrics
Learnings
Issues
Does CodeRabbit comply with GDPR and other protection laws?
Does CodeRabbit delete the collected data after the CodeRabbit account is deleted?
Still have questions?
Contact us