I need to know and verify that my site is secure.
All changes to code happen through Git.
Sometimes users commit broken code. But if they do...
There's no secret. It's right there in the Git log.
Who, When, and Where.
The server is read-only. No one can "fix it live" and forget it.
That means even if a site is compromised, the code can't be.
The Administrator can add Jorge to
integration branch as a Contributor.
But don't worry.
While this user can commit to the
They can't merge it to
master without a review.
No one likes broken code, even on Fridays.
Security is on us.
You pick the major version; we handle security updates
- Operating System
- System software
We run hardened Linux Kernels, and all deployed packages come from internal signed repositories.
Operations are fully automated. All operations are logged.
Only HTTP/S and SSH are allowed in. Services run in full network isolation.
SSH access is controlled per-environment. All users are unprivileged.
Any login to the dashboard can be enforced through a second authentication method.
Free TLS certificates included in every project, or bring your own.
Platform.sh is compliant with the GDPR, BDSG, and PIPEDA.
Our cloud partners are certified under
multiple compliance frameworks.