Security

Cortex takes security very seriously. The following describes the data we store, what we access from third parties and how, and more.

Storage

Service Details

Cortex stores the metadata about your services on our servers in order to power features like the service catalog, Slack notifications, and more. This includes:

  • Reference IDs to third-party data (PagerDuty rotation ID, Okta group ID, etc.)
  • Ownership information (users/owners)
  • Name/description

API Schemas

If you use Cortex's breaking API change detection feature, we additionally store the API schema uploaded to Cortex (OpenAPI, GraphQL, etc.).

Third Party Integrations

API Keys

We request read-only API keys for all services you integrate with. These API keys are encrypted at rest.

GitHub

The GitHub app requires the following permissions:

  • Read/Write on Checks - used to check for backwards-incompatible changes (when enabled) and to check the validity of the cortex.yaml file.
  • Read on Contents - used only to fetch commit history metadata (author, timestamp, message, SHA). We never use this permission to access the contents of files; unfortunately, GitHub does not provide apps with a granular permission to view solely commit history.
  • Read on Metadata - this is a default permission that is mandatory for all GitHub apps. We use this to get basic details about the repo (name, description, etc.).
  • Read/Write on Pull Requests - this permission is needed for the backwards-incompatibility checks and linting of the cortex.yaml file. The GitHub app comments on PRs with errors in both cases. This permission does not give us the ability to modify or commit code to the PR.
  • Read/Write on Commit Statuses - after running the backwards-incompatibility check or linting the cortex.yaml file, we update the status of the commit with a pass/fail.
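The permission list above is the set an administrator should expect to see on the installed app. As an added example (not Cortex's own code), the script below audits a GitHub App installation record against that documented set and reports any permission that is broader than documented, any that is missing, and whether the app was granted all repositories rather than selected ones. The installation record used here is a constructed sample shaped like the `permissions` and `repository_selection` fields of GitHub's installation objects; in practice you would feed it the JSON returned when listing your organization's app installations.

```python
"""Audit a GitHub App installation's granted permissions against a documented
least-privilege baseline. Added example; not part of Cortex's product code."""

# Ordering of GitHub permission levels, lowest to highest.
RANK = {"none": 0, "read": 1, "write": 2, "admin": 3}

# The permission set documented on this page for the Cortex GitHub app.
# Keys follow the names GitHub uses in installation permission objects.
DOCUMENTED = {
    "checks": "write",
    "contents": "read",
    "metadata": "read",
    "pull_requests": "write",
    "statuses": "write",
}

# Constructed sample installation record (not real data), shaped like the
# relevant fields of a GitHub App installation object.
SAMPLE_INSTALLATION = {
    "id": 0,
    "app_slug": "example-app",
    "repository_selection": "selected",
    "permissions": {
        "checks": "write",
        "contents": "read",
        "metadata": "read",
        "pull_requests": "write",
        "statuses": "write",
    },
}


def audit_permissions(granted, documented=DOCUMENTED):
    """Compare granted permissions to the documented baseline.

    Returns a list of human-readable findings; an empty list means the
    installation matches the baseline exactly.
    """
    findings = []
    # Anything granted above the documented level (or not documented at all)
    # is a privilege the app should not need.
    for scope, level in sorted(granted.items()):
        if level not in RANK:
            findings.append(f"{scope}: unrecognised level '{level}'")
            continue
        expected = documented.get(scope, "none")
        if RANK[level] > RANK[expected]:
            findings.append(
                f"{scope}: granted '{level}' exceeds documented '{expected}'"
            )
    # Anything below the documented level will break a feature the page
    # describes, so report it separately rather than silently ignoring it.
    for scope, level in sorted(documented.items()):
        got = granted.get(scope, "none")
        if got in RANK and RANK[got] < RANK[level]:
            findings.append(
                f"{scope}: granted '{got}' is below documented '{level}'"
            )
    return findings


def audit_installation(installation, documented=DOCUMENTED):
    """Audit a full installation record, including repository scope."""
    findings = audit_permissions(installation.get("permissions", {}), documented)
    if installation.get("repository_selection") == "all":
        findings.append(
            "repository_selection: 'all' grants access to every current and "
            "future repository; consider restricting to selected repositories"
        )
    return findings


if __name__ == "__main__":
    for line in audit_installation(SAMPLE_INSTALLATION) or ["OK: matches documented permissions"]:
        print(line)
```

The baseline-only check (permissions equal to what the vendor documents) is deliberately strict in both directions: an over-grant such as `contents: write` is a risk, while an under-grant explains why a documented feature like commit status updates stops working.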