How Traqen Handles Your Code Securely

Security and privacy are foundational to how Traqen operates. This page explains how we handle repository access, code scanning, data retention, and vulnerability results.

Temporary Repository Access

When you connect a GitHub repository, Traqen clones it into an isolated Docker container solely to run security scans. The clone is temporary: your code is not stored on Traqen servers after the scan completes.

Ephemeral Scanning Containers

Each scan runs in a dedicated, ephemeral Docker container. The container is created for the scan, executes the analysis, and is destroyed immediately after. Containers are isolated from each other and from Traqen infrastructure.

What We Store

Traqen stores scan results: findings with severity, affected file paths (not file contents), recommendations, and metadata. We also store your account information and scan configuration. We do not store source code, full file contents, or git history.

GitHub App Permissions

Traqen connects to GitHub via a GitHub App with the minimum permissions needed to clone repositories. You control which repositories Traqen can access and can revoke access at any time from your GitHub settings.

Infrastructure

Scanning infrastructure uses Docker-in-Docker for container isolation. Communication between services uses internal networking. API endpoints are protected with authentication, rate limiting, and CORS restrictions.

Responsible Disclosure

If you discover a security issue in Traqen, please report it to contact@traqen.app. We take all reports seriously and will respond promptly.

Frequently Asked Questions

No. Your code is cloned temporarily into an ephemeral container for scanning and discarded immediately after the scan completes.

Through the Traqen GitHub App settings. You select exactly which repositories to grant access to and can change this at any time.

Scan results (findings, severity, file paths, recommendations), account information, and scan configuration. No source code or file contents are retained.

Email contact@traqen.app with details of the vulnerability. We will acknowledge receipt and work to address the issue promptly.
