Lightrun Platform Security And Privacy
Lightrun works with tightly regulated, Fortune 100 organizations every single day. As such, our platform puts security first – ensuring every instrumentation meets the strict guidelines of the world’s leading standards bodies.
Guardrails For The Enterprise
Our founding team grew up and cut their teeth in the cybersecurity industry and we built Lightrun following the same ideals. Lightrun is standard-compliant and enterprise-ready from the get-go: a developer tool for the modern engineering organization.
The Lightrun Sandbox™
In order to give developers the best experience while maintaining the safety of the live application, every Lightrun SDK™ comes pre-packaged with its own Lightrun Sandbox™, a robust, patented mechanism that ensures that each Action is:
- Read-Only: each Lightrun Action is verified during invocation to ensure it has no unwanted side effects; if it does, the Action is blocked and the error is reported to the client
- Performant: each Lightrun Action is throttled and rate-limited to ensure that the application continues to perform as intended
- Private: PII Redaction and blocklisting are first-class citizens, ensuring no private or sensitive information is leaked
No Source Code Access
The Lightrun Platform does not rely on getting access to your source code repositories in order to access your application.
Instead, the Lightrun IDE Plugins utilize the IDE’s built-in code-indexing mechanisms in order to collect just the information required without using intrusive code-scanning techniques.
No source code is ever transmitted over the wire, only the basic metadata required to place an Action in the live application.
Lightrun supports file and package level blocklists, which allow system administrators to restrict access to certain resources and to restrict access to PII and other sensitive data.
As an additional security practice, Lightrun administrators can define system-wide ‘redaction expressions’ to ensure that sensitive information is never exposed to developers.
Fully Traceable And Auditable
Every activity performed by the Lightrun SDK™, by Lightrun users (through a Lightrun IDE Plugin or CLI Client), or by an integration is logged automatically.
A filterable audit log of all of these activities is readily available from the Lightrun Management Server to account for any security or compliance considerations that may arise.
Lightrun works with major enterprises across the world – including Fortune 100 companies – and adheres to strict compliance standards and security guidelines.
The Lightrun Platform consistently earns praise and accolades for its innovative approach to real-time, safe instrumentation and is ISO-27001, SOC2 Type II, HIPAA and GDPR compliant.