Security
Compliance
- ISO 27001 certified
For policies, certificates, subprocessors, and live security posture, visit the Avrea Trust Center.
Encryption
All cache traffic between runners and cache proxies is encrypted in transit. Cache data is encrypted at rest in storage colocated with the runners.
Console and API access
The Avrea console, API, and documentation are served exclusively over HTTPS with managed TLS certificates. Sign-in uses OAuth through GitHub or Google. Avrea does not store passwords.
Cache isolation
Caches are isolated by repository:
- GitHub Actions cache is further scoped by Git ref.
- There is no cross-repository or cross-organization cache access.
Cache authentication
- GitHub Actions cache uses JWT tokens issued by GitHub for scoping and access control.
- Build cache requests are authenticated by the runner infrastructure. Only your jobs running on Avrea runners can access your cache, and caches are isolated by repository.
Reporting vulnerabilities
If you discover a security issue, please contact security@avrea.com.