Blacksmith is SOC2 Type 1 compliant

We are excited to announce that Blacksmith is SOC2 Type 1 compliant!

SOC2 is recognized as one of the world's highest information security compliance standards. An independent, third-party auditor reviewed our internal controls to certify us as SOC2 Type 1 compliant. This further validates Blacksmith’s commitment to upholding industry-standard security and data practices.

A couple of other noteworthy steps we have taken over the last few months are:

Hiring an independent security consultant to pentest Blacksmith
Implementing a robust disaster recovery plan for our database and backend instances to safeguard against potential outages

Blacksmith has been built from the ground up with security in mind. Running CI for our customers means we often get questions about how we interact with their data. Some things we like to highlight are:

Data Retention: We don’t store any data from your runs except metadata relating to job executions. Our GitHub app doesn’t have access to your secrets.
GitHub JIT Tokens: We use just-in-time (JIT) tokens for each job executed as part of a GitHub Action. These tokens can only be used for a single execution, after which they are removed from the repository, organization, or enterprise, reducing exposure and enhancing security.
Ephemeral VMs with Firecracker: GitHub Actions that run on Blacksmith have KVM hardware isolation, are built on a memory-safe stack, and run directly on our metal. The execution of each Github Action job is isolated in a virtual machine (VM), and all state is destroyed on completion. Under the hood, we use Firecracker to manage these ephemeral VMs. Firecracker is maintained by AWS and runs millions of untrusted workloads for AWS Lambda and Fargate.

At Blacksmith, we continually seek ways to strengthen our security and will regularly evaluate our security through independent audits and consultants.

If you want a copy of our SOC2 Type 1 report or have any questions about security at Blacksmith, please email us at hello@blacksmith.sh.

‍

Thank you! We will notify you when we publish new posts!

Oops! Something went wrong while submitting the form.

Blacksmith is SOC2 Type 1 compliant

Recent Posts

You have 5 days before the new DockerHub limits f*ck you over.

Launch: GitHub Actions Analytics

Deployments still suck, but maybe they don’t have to

Recent Guides

Best Practices for Managing Secrets in GitHub Actions

How to reduce spend in GitHub Actions

Matrix Builds with GitHub Actions

Blacksmith is SOC2 Type 1 compliant

Get notified about new posts

Recent Posts

You have 5 days before the new DockerHub limits f*ck you over.

Launch: GitHub Actions Analytics

Deployments still suck, but maybe they don’t have to

Recent Guides

Best Practices for Managing Secrets in GitHub Actions

How to reduce spend in GitHub Actions

Matrix Builds with GitHub Actions