Security and Data

Multi-Tenant Isolation

Every API request is scoped to a tenant via JWT claims. Database queries enforce tenantId on all resources.

Encryption

Git credentials and integration tokens are encrypted at rest using AES-256. All traffic uses TLS 1.2+.

Authentication

JWT access tokens (15 min) with refresh rotation. Enterprise SSO via OIDC (Okta, Azure AD) is supported.

Data Residency

Deploy SecIQ in your preferred region. Scan artifacts are stored in S3-compatible object storage with configurable retention.