Rookout never sees nor has access to your source code. It is yours and yours alone. In fact, your code never even reaches the Rookout servers.
When you integrate your source code into Rookout, it remains between your code repository and your local browser.
The view of the source code is needed only so that you can easily click a line to set a non-breaking breakpoint in your running application, getting visibility to you as quickly as possible.
When you set a non-breaking breakpoint, the Rookout servers only receive:
> File path
> Line number
> SHA256 (hash of the file)
> Crc (line hash)
No organization should risk its systems by introducing components that aren’t adequately secured, which is why at Rookout, security comes first.
Rookout is SOC 2 Type 2 compliant, maintaining the highest security standards and dedicated to the safety of your data. We maintain transparency in our protocols, which are documented and verified. We are regularly audited by an independent certified public accountant to make sure we have the best safeguards and procedures in place.
Rookout is trusted by Fortune-500 companies globally.
You may import your code from a repository of your choice: GitHub, BitBucket, and GitLab.
Rookout meets the principle of least privilege, and to complete the integration it requires as little permissions as possible.
Your source code data remains secure as it travels directly from your code repository to your browser, without going through the Rookout web servers at any point.
Rookout never makes any changes to your repo or its configuration in any way. We won’t commit, modify pull requests, or install Webhooks.
The Rookout Desktop App is an open-source, digitally-signed application which lets you access local files from your browser.
It allows you to fetch files from your local file system, as well as from a local Git-based repository or from a Perforce instance.
If you’re using Rookout and still have questions about Security, you’re welcome to contact us.