What is the Platform.sh approach to security?
Notes
Teams need to be able to know and verify that their sites are secure at all times.
On Platform.sh, every change to your application code, infrastructure or otherwise, has to occur through Git.
This ensures that even when team members commit broken code, it can always be traced back to the source.
So you can find out what was changed, who made that change, and when was it applied to production, all visible in the Git log.
Additionally, Platform.sh containers are read-only post-build, making it impossible for anyone to "fix it live" and forget it. That
means that even if the site has been compromised, the code can't be.
What's more, Platform.sh provides strict controls to limit who can contribute to which environments right from the beginning.
So even though you can add a user to commit to one branch,
they are incapable of merging into master
without proper review first. Because no one likes broken code,
even on Fridays.