Join us for the next DPE Lowdown: How Spotify does DPE with Backstage – July 12, 2023. Register now.
Gradle Enterprise Security
Built-in protection at all levels
As a solution trusted by many of the largest financial institutions and technology companies in the world, Gradle Enterprise has designed security features and data protection mechanisms into every level of the product. Our customers have the flexibility to deploy GE into air-gapped secure networks, or isolated development environments, hosted either on-prem or with a cloud provider.
Secure Network and Data Protection Key Benefits
Deploy into your secure networks
Gradle Enterprise can be deployed to secure networks on-prem or in your cloud environment, co-located with your CI infrastructure for low latency remote cache access.
Adhere to cloud-native security best practices
Designed around Kubernetes security best practices for secret management and service accounts, Gradle Enterprise fits perfectly into a Cloud-Native security architecture.
Built with hardened development processes
All development for Gradle Enterprise follows a rigorous security methodology, including nightly vulnerability scanning, dependency analysis, artifact integrity checks and regular third-party penetration testing.
Deployable to Air-Gapped Networks
Key Capabilities
Single sign-on
Gradle Enterprise includes an embedded instance of Keycloak as an identity and access management layer, and supports SSO with any SAML or OIDC auth provider.
Role-based access control
Users can be assigned the minimal set of privileges needed to interact with Gradle Enterprise through our Role-Based Access Control.
Encryption in-flight
All communication between build tools, build caches and Gradle Enterprise is encrypted with modern TLS/HTTPS cipher suites.
Encryption at-rest
All sensitive data is protected with application level encryption at-rest. Gradle Enterprise can be deployed onto self-encrypting storage such as EBS volumes or PVs. Encrypted S3 buckets are also supported.
Outbound HTTP/S proxy server support
For high security network configurations, Gradle Enterprise supports configuring an outbound HTTP/S proxy server which can scan any Internet requests on egress.
Flexible TLS configuration
TLS can be terminated on an external load balancer, at the Kubernetes ingress level, or inside the Gradle Enterprise cluster for maximum flexibility.
Secure software development lifecycle
All Gradle Enterprise source code and dependencies are reviewed and scanned for known vulnerabilities on a nightly basis. Any discovered vulnerabilities follow a documented reporting and disclosure process.
Bearer token component registration
Scale out components of Gradle Enterprise, including build cache nodes and test distribution agents must register using a bearer token to establish secure communications.
