Security
- Source-free by default: Enterprise ingests scanner snapshots and workflow metadata, not source code.
- OIDC and RBAC: Customer app access is role-scoped. Admin operator access is separate and token-based.
- Tenant isolation: PostgreSQL row-level security enforces organization boundaries in addition to app RBAC.
- Secrets: Stripe, database, webhook, and integration credentials are stored outside the repo and read from Secrets Manager in production.
- Evidence: Audit exports can be retained, downloaded, and signed for diligence workflows.
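The tenant-isolation item above, sketched as an added example (not Faultline's schema or code). The table, column, role and setting names (`scan_snapshots`, `organization_id`, `app_user`, `app.current_org_id`) and the UUIDs are assumptions made for illustration.

```sql
-- Hypothetical tenant-scoped table; every row carries its organization.
CREATE TABLE scan_snapshots (
    id              bigserial PRIMARY KEY,
    organization_id uuid  NOT NULL,
    payload         jsonb NOT NULL
);

-- ENABLE applies policies to ordinary roles. FORCE also applies them to the
-- table owner, who is otherwise exempt.
ALTER TABLE scan_snapshots ENABLE ROW LEVEL SECURITY;
ALTER TABLE scan_snapshots FORCE ROW LEVEL SECURITY;

-- The application role must not be SUPERUSER or BYPASSRLS: both skip policies.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON scan_snapshots TO app_user;
GRANT USAGE ON SEQUENCE scan_snapshots_id_seq TO app_user;

-- USING filters rows that can be read, updated or deleted.
-- WITH CHECK rejects rows written with another organization's id.
-- current_setting(..., true) is NULL when the setting was never set and ''
-- after a transaction-local value expires; NULLIF maps both to NULL, and a
-- NULL comparison matches no rows, so a missing tenant context fails closed.
CREATE POLICY org_isolation ON scan_snapshots
    FOR ALL TO app_user
    USING (organization_id =
           NULLIF(current_setting('app.current_org_id', true), '')::uuid)
    WITH CHECK (organization_id =
           NULLIF(current_setting('app.current_org_id', true), '')::uuid);

-- Per request, connected as app_user: bind the organization taken from the
-- verified identity token for this transaction only (third argument = true),
-- so a pooled connection does not carry it into the next request.
BEGIN;
SELECT set_config('app.current_org_id',
                  '11111111-1111-1111-1111-111111111111', true);

-- Accepted: the row's organization matches the transaction's tenant context.
INSERT INTO scan_snapshots (organization_id, payload)
VALUES ('11111111-1111-1111-1111-111111111111', '{"constructed": true}');

-- This query has no WHERE clause, yet the policy restricts it to the bound
-- organization even if the application's RBAC layer forgot to filter.
SELECT id, organization_id FROM scan_snapshots;
COMMIT;
```

An insert or update that names a different `organization_id` inside the same transaction is rejected by the `WITH CHECK` clause, which is the database-level backstop behind the application's role checks.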
Faultline identifies structural engineering risk. It does not claim to prevent incidents or replace testing, code review, observability, or security scanning.