Skip to content

Commit 897237f

Browse files
afzaljasaniafzaljasani
committed
add pen test section
1 parent c9e7931 commit 897237f

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

docs/cloud/features/security/security.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,10 @@ Below you will find a few examples of our internal code requirements.
5151
- Attestations are created to certify an image. We use GCP Binary Authorization to enforce this. [Attestation docs](https://cloud.google.com/binary-authorization/docs/key-concepts#attestations)
5252
- Encryption is a key feature of our security posture and is enforced at each stage of access. For example, the state database automatically encrypts all data. Credentials are also securely encrypted and stored.
5353
- We back up each state database nightly and before upgrades. These backups are stored indefinitely.
54+
55+
## Penetration Testing
56+
57+
At least once a year, Tobiko engages a third-party security firm to perform a penetration test. This test evaluates our systems by identifying and attempting to exploit known vulnerabilities, focusing on critical external and/or internal assets. A detailed report is available upon request.
5458

5559

5660
## Asset and Access Management

0 commit comments

Comments
 (0)