Announcing SOC2 Compliance: ensuring your internal developer portal is as safe as it should be
December 13, 2022
A recent security vulnerability discovery raised the question of internal developer portal security. Can a developer portal be SaaS rather than self-hosted and still be designed with security first and foremost? In short, the answer is “Yes!!”.
We’re happy to announce that we’ve passed SOC2 certification and are now SOC2 compliant.
Some of the key highlights in our secure approach to internal developer portals are as follows:
- Port does not store its customers’ credentials. Data is ingested into Port by push; Port does not collect any data on its own.
- Port’s web interface is the main way to view, organize and manage the Software Catalog. It is highly customizable and gives the customer complete control over what catalog data is exposed and to whom.
- Changes are tracked in one of two ways: through a secure webhook or through a subscription to a dedicated message queue. In addition, Port offers a custom agent which customers can install to handle changes, self-service actions and other notifications. The agent parses the requests and forwards them to the customer’s infrastructure, so the customer does not need to validate the authenticity of each request.
- All data managed by Port is encrypted at rest and in transit. Port uses SSL (TLS v1.2+ where applicable) for all of its requests and implements industry-standard encryption, authorization and authentication. It also uses rotating access tokens, credentials and secrets to guarantee the long-term safety of user data.
- We offer industry-standard data controls for data security. These include encryption in transit, encryption at rest, and PII data redaction. Port also employs Single Sign-On (SSO), Role-Based Access Control (RBAC), and audit logs to secure access to its platform and prevent unauthorized access to data.