Security you can verify, not just trust.

Every security claim below is architecturally enforced — not just policy.

🔒

Your code never touches our servers

We only process SBOM metadata — package names, versions, and dependency graphs. Your source code stays in your repository. The AI repair engine works with code slices only during sandboxed execution, and those slices are deleted immediately after the job completes.

📦

AI repairs run in isolated sandboxes

Every AI-generated patch runs in a locked-down Docker container: --network none (no internet), --read-only (immutable filesystem), --cap-drop ALL (no privilege escalation), 512 MB memory limit, 1 CPU, 5-minute timeout. No exceptions.

🏛️

Row-level security on all data

PostgreSQL RLS (FORCE) scopes every tenant query by org_id. Cross-tenant data access is architecturally impossible — even superuser queries are filtered. 17 tenant tables with RLS enforcement at the database layer.

🔐

Encrypted in transit and at rest

TLS 1.3 enforced on all endpoints with HSTS preload. AES-256 encryption at rest via AWS RDS and S3 server-side encryption. Passwords hashed with bcrypt (cost factor 12). Audit logs secured with SHA-256 hash chain and HMAC-SHA256 webhook signatures.

SOC 2 Type II in progress

We are actively pursuing SOC 2 Type II certification. Audit period began Q1 2026 with completion targeted for Q3 2026. Our architecture — RLS isolation, tamper-evident audit logs, encrypted storage, and sandboxed execution — was designed from day one to meet SOC 2 Trust Service Criteria.

AI Repair Pipeline Security

Your code is isolated at every stage. Here is exactly where each security boundary applies.

1
CVE Detection

SBOM metadata only — no source code leaves your repo

2
AI Analysis

Code slice sent to Claude API via encrypted channel. Deleted after response.

3
Sandbox TestFully Isolated

Docker: --network none, --read-only, --cap-drop ALL, 512MB, 5min timeout

4
Re-scan

Patched code re-scanned with Semgrep + AI to verify no new vulnerabilities introduced

5
PR Creation

Patch delivered as a standard PR. You review and merge — we never push to your main branch.

Responsible Disclosure

We welcome security researchers who help keep PatchOps Guard safe.

Contact security@bitmax.im
Policy — 90-day coordinated disclosure. Acknowledgment within 2 business days.
security.txt /.well-known/security.txt