Data privacy / security #74

Open
Nezisi opened this issue Oct 1, 2023 · 3 comments

Comments

@Nezisi

Nezisi commented Oct 1, 2023

I've tried to read up on every resource I found on the Digma websites...

But I cannot seem to find enough details to come to a conclusion about how Digma utilizes data, nor who / what is involved in the Digma analysis.

As OpenTelemetry has access to all kinds of sensitive data, I feel this needs a detailed clarification.

If I've overlooked something, please give me a hint.

Thanks for all your hard work!

@doppleware
Contributor

Hi @Nezisi, at this moment Digma isn't a SaaS service, so it does not take any OTEL data at all.
All of the observability data stays local on your machine, as Digma runs on your local containers.
We do have SOC2 and other compliances, but since that is the case it is less of a consideration.
Let me know if I can help with more info!

Thanks!
Roni

@Nezisi
Author

Nezisi commented Oct 1, 2023

Just to be clear - sorry for being pedantic - so Digma doesn't call home by any means, nor does it utilize the data (be it anonymized or not) it has access to in any means except for the statical analysis?

It is sad that this has to be asked nowadays :(

Would be great if you maybe could add that information under the FAQ?

I guess I'm not the only one who thinks that Digma is a very great idea, but on the other hand, dreads the possible security concerns and red tape involved in using it… (which is another sad thing nowadays)

Thanks for the fast reply!

@doppleware
Contributor

Hi @Nezisi - it is actually very important to clarify, thanks for digging more into this.

Digma doesn't send any of your observability data back. Your application data is completely yours and dynamic analysis is done locally on your Docker. We really don't want the responsibility of handling that data :) Especially in well-regulated orgs.

We do save UI analytics for usability feedback purposes (for example, if you click a button or open a panel and how often), this is so we can improve Digma from a developer experience and UI perspective. We also send back any internal IDE exceptions Digma is encountering so we can know how to solve them. These too, include only Digma's internal stacks.

We are considering adding a toggle to block that as well - let me know if this would be necessary for your case.

Hope that helps clarify that - I will keep this issue open until we update the FAQ.

Thanks!
Roni
