LogoLogo
  • Introduction
  • Organizational security
  • Ubidots Architecture
  • Confidentiality
    • Formatting and Data Accumulation
    • Encryption in Transit
    • Encryption at Rest
    • All of Our Hired Personnel Must Sign an NDA
    • We Only Hire Directly
  • Transparency
    • Periodic Checks
    • Status Page
    • Support Channel
    • Open Source
    • Continuous Hacking to our Own Technology
    • Data Leakage Policy
  • Integrity
    • Isolated Websites
    • Code Management
    • Continuous Scanning for Vulnerabilities
  • Resilience
    • Incident Management and Resolution
    • Data Backup
    • Recovery Objective
  • Non-repudiation
    • Extensive Logs
    • Everything as Code
  • Authentication
    • For Clients
    • Internal
  • Privacy
    • Data Management and Retention Policy
  • Compliance
    • FDA 21 CFR Part 11
      • Validation
      • Audit Trails
      • Electronic Signatures
      • System Access Controls
      • Record Retention
      • Record Protection
Powered by GitBook
On this page
  • Version Control
  • Continuous Integration and Deployment (CI/CD)
  • Continuous Code Scanning and Vulnerability Retesting

Was this helpful?

Export as PDF
  1. Integrity

Code Management

PreviousIsolated WebsitesNextContinuous Scanning for Vulnerabilities

Last updated 10 months ago

Was this helpful?

At Ubidots, we prioritize the security and integrity of our software development processes. This section outlines our approach to code management, which ensures that our software is developed in a controlled environment.

Version Control

We utilize Git for version control, enabling efficient tracking of revisions and collaboration among our development teams. To manage code repositories, we use:

  • Bitbucket: Our main platform code is securely hosted on Bitbucket. This centralized repository allows for controlled access and collaborative code reviews, ensuring that all contributions meet our quality standards.

  • GitHub: We use GitHub for our public repositories, which host open-source projects and community-contributed code. This separation ensures clear delineation between proprietary and open-source efforts.

Continuous Integration and Deployment (CI/CD)

Our CI/CD processes are managed through Bitbucket Pipelines. This tool automates our testing and deployment workflows, ensuring that new code changes are seamlessly integrated and deployed to production environments without disruptions. Pipelines also facilitate rapid rollbacks and adjustments in response to any issues, maintaining our system's reliability and user experience.

To manage and secure our sensitive configuration details, such as API keys and credentials, we employ AWS Secret Manager. This tool ensures that all secrets are encrypted, rotated regularly, and accessible only to authorized applications and developers, significantly enhancing our security posture.

Continuous Code Scanning and Vulnerability Retesting

We implement rigorous security practices in our code management processes, including regular security audits, vulnerability scans, and adherence to best practices for secure coding.

See to learn more.

next section