
Security

Defensive practices for trust and security at every step.


Last updated 1 year ago

When dealing with information about your cloud posture, as well as Terraform State files, security needs to be at the forefront. That is why dragondrop has engineered security and trust into every step of ensuring that your cloud is represented fully, and accurately, as code.

(O) Open source by design

The entire cloud-concierge container code is open source and available for viewing and auditing.

(1) No sensitive data on your cloud posture ever leaves your existing tool set.

  • The cloud-concierge container is self-hosted for all executions

  • After container execution, all visualizations and identified new resources are exposed through a pull request within your existing VCS

(2) cloud-concierge only requires read-only permissions for your cloud environment.

When generating the service principals that dragondrop uses to complete the requisite cloud scanning, grant only read-only permissions to your cloud environment and to the provider remote buckets that store Terraform state files.
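One way to check that a scanner principal really is read-only before handing it over, shown here as an added example for an AWS IAM JSON policy (not dragondrop's own code). The policy, Sids and bucket name are constructed, and treating Get/List/Describe verbs as read-only is a heuristic assumption.

```python
import json

# Assumption: an AWS action is read-only when its verb starts with one of these.
READ_PREFIXES = ("get", "list", "describe")

def _as_list(value):
    """IAM allows a single string or dict where a list is expected."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def write_capable_actions(policy):
    """Return (sid, action) pairs for every Allow grant that is not read-only."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            verb = action.split(":", 1)[-1].lower()  # "s3:PutObject" -> "putobject"
            if not verb.startswith(READ_PREFIXES):   # also catches "*" and "svc:*"
                findings.append((sid, action))
    return findings

# Constructed sample policy: one clean statement, one stray write on the
# Terraform state bucket, one service-wide wildcard, one Deny.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "ScanCloud", "Effect": "Allow",
   "Action": ["ec2:Describe*", "s3:ListAllMyBuckets"], "Resource": "*"},
  {"Sid": "ReadState", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
   "Resource": ["arn:aws:s3:::example-tfstate-bucket",
                "arn:aws:s3:::example-tfstate-bucket/*"]},
  {"Sid": "TooBroad", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
  {"Sid": "DenyDelete", "Effect": "Deny",
   "Action": "s3:DeleteObject", "Resource": "*"}
 ]}
""")

if __name__ == "__main__":
    for sid, action in write_capable_actions(SAMPLE_POLICY):
        print(f"{sid}: {action} is not read-only")
```

An empty result means every allowed action matched a read verb; it does not judge whether the readable resources are scoped tightly enough.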

(3) Changes are recommended via Pull Request, never made directly.

The dragondrop container will never directly make changes to your Terraform code base. It will only open a Pull Request in your VCS containing recommended changes and import blocks/import statements.

  • As with all other code, your developers have final sign-off and approval on whether or not to merge the suggestions.

  • Comments, discussions and changes to the original dragondrop suggestions are all recorded within your VCS.

All telemetry for OSS executions and the anonymized data collected from dragondrop-managed jobs can both be viewed publicly on GitHub.

The dragondrop.cloud workflow is engineered for security and trust at every step