
Lightrun Platform Security And Privacy
Lightrun works with tightly regulated, Fortune 100 organizations every single day. As such, our platform puts security first – ensuring every instrumentation meets the strict guidelines of the world’s leading standards bodies.




Guardrails For The Enterprise
Our founding team grew up and cut their teeth in the cybersecurity industry, and we built Lightrun following the same ideals. Lightrun is standards-compliant and enterprise-ready from the get-go: a developer tool for the modern engineering organization.
No Access To Your Code
Lightrun assures organizations that their code remains private and secure by never accessing it in the first place, either on the client or the SDK side.
Enterprise-Grade Certifications
Lightrun is ISO-27001, SOC 2 Type II, GDPR, and HIPAA compliant.
Sandbox
Inserted Actions are emulated in a dedicated Sandbox to validate there are no side effects to the original flow and state.
Encryption In Transit And At Rest
Traffic is encrypted using TLS v1.2 for security in transit and AES-256 for security at rest.
Certificate Pinning
On both the client and the SDK side.
RBAC And Audit Trail
Lightrun activity, Actions, and changes are logged and auditable, and Lightrun provides several roles to support granular management and segregation of duties.
Blocklisting And PII Redaction
Lightrun allows organizations to completely exclude specific code segments and redact specific patterns on the fly.
SSO Support
Using SAML, OpenID, Okta, Google SSO, and other providers.
The Lightrun Sandbox™
In order to give developers the best experience while maintaining the safety of the live application, every Lightrun SDK™ comes pre-packaged with its own Lightrun Sandbox™, a robust, patented mechanism that ensures that each Action is:
- Read-Only: Each Lightrun Action is verified during invocation to ensure it does not have any unwanted side effects; if it does, the Action is blocked and the error is reported to the client
- Performant: Each Lightrun Action is throttled and rate-limited to ensure that the application continues to perform as intended
- Private: PII Redaction and blocklisting are first-class citizens, ensuring no private or sensitive information is leaked
No Source Code Access
The Lightrun Platform does not rely on getting access to your source code repositories in order to access your application.
Instead, the Lightrun IDE Plugins utilize the IDE’s built-in code-indexing mechanisms in order to collect just the information required without using intrusive code-scanning techniques.
No source code is ever transmitted over the wire, only the basic metadata required to place an Action in the live application.
Data Privacy
Lightrun supports file-level and package-level blocklists, enabling system administrators to restrict access to certain resources, to PII, and to other sensitive data.
As an additional security practice, Lightrun administrators can define system-wide ‘redaction expressions’ to ensure that sensitive information is never exposed to developers.
Fully Traceable And Auditable
Every activity performed by the Lightrun SDK™, by Lightrun users (through a Lightrun IDE Plugin or CLI Client), and by every integration is logged automatically.
A filterable audit log of all of these activities is readily available from the Lightrun Management Server to account for any security or compliance considerations that may arise.
Completely Compliant
Lightrun works with major enterprises across the world – including Fortune 100 companies – and adheres to strict compliance standards and security guidelines.
The Lightrun Platform consistently earns praise and accolades for its innovative approach to real-time, safe instrumentation and is ISO-27001, SOC 2 Type II, HIPAA, and GDPR compliant.