1

To what information does CatLIght cloud service store?

Hi,

I have come across catlight which suits our current requirement. But there are lot of security related restrictions on using a TPA.

Please find the attachment for the access requested by catlight.

Can you please help me with the following?

Here read access is requested for code and build artifacts, Is this information stored in CatLIght cloud service?

Can you please elaborate more on this? I did come across this question (link), but it doesn't seem to have the complete information when compared with above access requests.

2 replies

SK

Also Can you please let me know that with the ability to read and search the code, how does catlight protect the customer proprietary data? does it process the source code like code search, version control artifacts,  etc. on their own servers?

CatLight does not read or search code, and it does not access the build artifacts.

Azure DevOps permissions are not very granular, and unfortunately, we have to request more than necessary. We want to request permission to read the list of pull requests, so the app can show notifications about them. However, the minimum permission to do that is to request read access to the code. The same situation is for builds.

After authentication happens, CatLight stores the access token in an encrypted form locally on the user's computer, and all the data processing is happening locally.