Security and Compliance Quickstart
Source-free boundary
Faultline OSS runs in a customer-controlled shell or CI runner. Faultline Enterprise ingests source-free scanner snapshots and organization workflow metadata; source files and compiled artifacts are not sent.
Access model
- OIDC login and organization roles for customer users
- PostgreSQL row-level security for tenant isolation
- API tokens scoped to organization workflows
- Separate internal operator surface for Faultline staff
Evidence model
Audit exports can be downloaded together with digest (hash) metadata and signature material so that reviewers can verify the export has not been altered. The weekly digest email is sent only to verified recipients, with SES bounce/complaint suppression enabled.
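The review-side check the evidence model enables, as an added example (not Faultline code and not a description of its actual export format): it assumes the export is a single byte blob, that the digest metadata is a JSON object carrying a hex SHA-256 of that blob, and that the signature material is an HMAC-SHA256 over the canonical metadata JSON keyed with a verification key obtained out of band. The export id and key are constructed placeholders. The point it demonstrates is the order of checks: trust the metadata only after its signature verifies, then compare the export bytes against the trusted digest.

```python
"""Verify an audit export against its digest metadata and signature material.

Added example, not Faultline code. Assumptions (not stated on the page):
 - the export is a single byte blob,
 - digest metadata is a JSON object carrying a hex SHA-256 of the blob,
 - signature material is an HMAC-SHA256 over the canonical metadata JSON,
   keyed with a verification key obtained out of band (Faultline's real
   signature scheme may differ).
"""
import hashlib
import hmac
import json

# Constructed sample: a verification key shared out of band (hypothetical).
VERIFICATION_KEY = b"example-verification-key-not-real"


def canonical(metadata: dict) -> bytes:
    """Deterministic JSON encoding so signer and verifier MAC the same bytes."""
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()


def sign_metadata(metadata: dict, key: bytes) -> str:
    """Signature material over the metadata (HMAC-SHA256, assumed scheme)."""
    return hmac.new(key, canonical(metadata), hashlib.sha256).hexdigest()


def build_sample_export():
    """Construct a sample export and its signed metadata (demo data only)."""
    export = b'{"org":"example-org","events":[{"id":1,"action":"policy_pack.review"}]}\n'
    metadata = {
        "export_id": "export-0001",  # placeholder id, not a real export
        "algorithm": "sha256",
        "digest": hashlib.sha256(export).hexdigest(),
        "size": len(export),
    }
    signature = sign_metadata(metadata, VERIFICATION_KEY)
    return export, metadata, signature


def verify_export(export: bytes, metadata: dict, signature: str, key: bytes):
    """Return (ok, reason).

    Check the signature first so the digest is only trusted once the metadata
    is known to be authentic; then check size and digest of the bytes.
    """
    if metadata.get("algorithm") != "sha256":
        return False, "unsupported digest algorithm"
    expected_sig = sign_metadata(metadata, key)
    if not hmac.compare_digest(expected_sig, signature):
        return False, "signature mismatch: metadata not trusted"
    if metadata.get("size") != len(export):
        return False, "size mismatch"
    actual = hashlib.sha256(export).hexdigest()
    if not hmac.compare_digest(actual, metadata["digest"]):
        return False, "digest mismatch: export bytes altered"
    return True, "ok"


if __name__ == "__main__":
    export, metadata, signature = build_sample_export()
    print(verify_export(export, metadata, signature, VERIFICATION_KEY))
    # Altered export bytes with the original metadata: rejected.
    print(verify_export(export + b"x", metadata, signature, VERIFICATION_KEY))
    # Re-hashed metadata without a valid re-signature: rejected at the signature step.
    forged = dict(metadata, digest=hashlib.sha256(export + b"x").hexdigest(),
                  size=len(export) + 1)
    print(verify_export(export + b"x", forged, signature, VERIFICATION_KEY))
```

Whatever the real signature scheme is, keep the same structure: the digest is only as trustworthy as the signature that covers it, so a verifier that checks the hash but skips the signature check proves nothing about who produced the export.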
What to ask in procurement
- Which repos are in scope for the pilot?
- Which evidence exports are required for customer diligence?
- Who owns policy pack review and suppression expiry?
- Is SaaS acceptable, or is a customer-controlled deployment required?