Security FAQs

How is Muse deployed?

Muse software is delivered as a service. It integrates with your source repository to automatically run at each pull request.

How does Muse work?

Upon each pull request (which Muse monitors via the repo host), Muse clones your repo and runs its analyzers over the code, delivering results as code comments within the repo’s code review tool. Upon completion of the analysis of private repositories, Muse will delete its copy of your repository.

What’s the high-level architecture?

Muse is a container-based platform on Linux running on Amazon Web Services (AWS). The cloud platform integrates directly with repository hosts like GitHub and requires no installation of code into your environment.

How does Muse handle our source code and other confidential information?

Muse recognizes the value of its customers’ source code and the importance of maintaining confidentiality. Muse retains its customers’ data only to the extent required to deliver its service and for only as long as required to do so. Muse treats its customers’ source code and related information as highly confidential, and cares for it with the same degree of care we use to preserve our own confidentiality. Muse encrypts its data at rest using industry-standard encryption. For data in transit, Muse relies upon TLS (and shared secrets with GitHub/GitLab/Bitbucket) to encrypt source code and other data transmitted to/from Muse. Muse further separates its customers’ data by providing a dedicated single-tenant AWS node for the duration of each analysis. For Muse on-premise deployments, neither your source code nor our analysis results leave the Muse server.

Does MuseDev process “Personal Data” as defined by GDPR and similar privacy laws?

MuseDev captures Personal Data solely of its own end-users, i.e. those individual developers with Muse accounts. Specifically, we capture name, email address and other information received from GitHub through our SSO integration. We retain and use such data only as long as necessary and in compliance with law.

How do you handle authentication and otherwise manage user accounts?

Muse integrates with third-party single sign-on (SSO) providers like GitHub so customers can use their existing accounts on those platforms to log into Muse. User accounts in the Muse platform are associated with the credentials of the SSO providers.