What data does GitRunners have access to?
GitRunners integrates with GitHub through a GitHub App that requests some permissions. These permissions allow us to listen for GitHub Actions related events and register the required runners.
The official GitHub Actions Runner application is used to run your job in our environments.
Only a runner can access your repositories, and only for the limited time of the job it is executing, using a token provided by GitHub. You can read more about it in the GitHub Actions Runner documentation.
A job may require access to your GitHub secrets and OIDC tokens.
Your GitHub data (e.g. your username) and the job metadata are stored in our encrypted database. The metadata contains information such as which job was run, for which repository, and the job duration.
How long is my data stored on the runner hosts?
A runner's lifetime depends on the job duration. At the end of the job, the VM hosting the runner is completely wiped and no data is kept.
Each runner is fully isolated from the others, and a network firewall blocks all communication not initiated by the runner itself.
What happens in the event of a data breach?
In the event of a data breach, GitRunners will take immediate action to assess the extent of the breach and identify the affected users. GitRunners will then notify all affected users within 24 hours of the discovery of the breach. The notification will include information about the nature of the breach and the measures taken to address it, as well as any recommended actions for users to take in response to the breach.
GitRunners will also take appropriate steps to prevent future breaches and protect user data, including implementing additional security measures, conducting regular security audits, and regularly updating our security policies.
If required by law, GitRunners will also report the data breach to relevant authorities and comply with any reporting requirements.
GitRunners is committed to protecting user data and will take all necessary measures to prevent data breaches and minimize the impact of any breaches that occur.
How do I report a security vulnerability?
Please refer to our security.txt for any security-related issues.