Product Documentation
Search…
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Visual Studio Code
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Why might my scan be failing?
Can’t load code snippets?
Clean security report?
Account Settings
Permissions
Project Settings
Project Tokens
Security Gates
Reporting
Powered By GitBook
Report Bundles and Call Graphs

Report Bundle Upload

The Report Bundle, better described within the overview section, is generated on a per build basis and its artifacts are created to be consumed by the Reshift servers. The artifacts are serialized into a proprietary format. To send the report bundle to the server, the Reshift-plugin requires a unique reporter token, generated during the Add Project steps. If a report token is supplied to the Reshift-plugin, the Reshift-plugin will establish an encrypted TLS 1.2 connection between the build machine and one of the Reshift servers. Once a successful connection has been established, the Reshift-plugin will use the encrypted channel to send the report bundle. The Reshift servers will deserialize the information within the report bundle and discard the original report bundle leaving no trace of information within the server. The data within the report bundle is stored within an encrypted database housed within a secure data center.

Code Graphs

The code graphs, better known as static call graphs within the software development community are the graphical representation of the source code. They outline the interconnections between subroutines within a computer program. They consist of a node and a vertex representing a relationship between a caller and a callee within a software program. The important point to note is that call graphs are a byproduct of the source code itself, and the conversion between source code and code graphs have varying degrees of precision. There are many tools to generate code graphs from source code, however, there is currently no tool available today to convert code graphs back into their source code counterpart. Reshift generates code graphs of the source code being analyzed and transmits them to the Reshift server to be analyzed for security violations against its global knowledge base.
If you have any more questions, please email us at [email protected]!
Reshift Security Model - Previous
User Authentication Mode in Reshift
Next - Reshift Security Model
User Data Flow
Last modified 1yr ago
Copy link
Outline