We believe that being transparent about our code, and other implementation details are curcial to gain trust. Therefore, we have our security model easily accessible and our project is free and open source (FLOSS). Any doubts about our code, check it on GitHub for the source of truth!
Note: Krptn, without prior interactions initiated by you, will never reach out to you for personal information. This information could help you in identifying scam.
We regularly update our list of providers, and the services we use to ensure full transparency.
We use GitHub for:
- Issue Tracking
- Continuous Integration
- Dependency Management
- Code Scanning
- Secure source code management
On Microsoft Azure we do:
- Website hosting
- Cloud storage
We use Google services for:
- Communication (Gmail)
- Collaboration (Google Drive)
- Website Usage Analytics
From Cloudflare, we use the following services:
- DDoS protection
- SMTP relay for incomming mail
- SMTP relays for outgoing mail
In addition to the above listed providers, Krptn’s code also depends on several open source projects.
For the full list, please view our dependency graph on GitHub but the most significant dependencies are:
- DuoLab’s WebAuthn Python extension
Open Source projects our website uses
Our website and documentation uses to following Open Source projects to function:
- Our custom modified version of Ananke Theme
- Google AMP
We have a Security Policy which defines the reporting process for vulnerabilities.
We aim to fix, release and disclose vulnerabilities as soon as we can. However, may not diclose a vulnerability until we have released a fix for it.