
Commit e131ee3

Thomas Stromberg
authored and committed
tuning our security page
1 parent 7e96734 commit e131ee3

2 files changed

+4
-3
lines changed

src/assets/css/style.css

Lines changed: 1 addition & 1 deletion
@@ -365,7 +365,7 @@ body {
365365
content: "❧";
366366
position: absolute;
367367
left: 0;
368-
color: var(--cyan);
368+
color: #888;
369369
font-size: 20px;
370370
}
371371
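Review bot: On new line 368, `color: #888;` replaces a theme variable (`var(--cyan)`) with a hard-coded hex value, so this marker no longer follows the palette defined through custom properties. Consider defining a named gray custom property next to the existing ones and referencing it here, and check that #888 on the 20px ❧ glyph keeps enough contrast against the background it is drawn on.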

src/security/index.njk

Lines changed: 3 additions & 2 deletions
@@ -24,7 +24,7 @@ title: Security
2424
<ul style="font-size: 16px; line-height: 1.8;">
2525
<li><strong>Zero Trust</strong>: Hardware-backed cryptographic identity and encryption are our security perimeter</li>
2626
<li><strong>Defense in depth</strong>: Every layer fails—we rely on overlapping controls (<a href="https://en.wikipedia.org/wiki/Swiss_cheese_model">swiss cheese model</a>)</li>
27-
<li><strong>Ephemeral secrets</strong>: All secrets leak eventually. We prefer <a href="https://openid.net/developers/how-connect-works/">OIDC</a>/<a href="https://oauth.net/2/">OAuth</a>, When unavoidable, we rely on runtime KMS fetch — never disk or <a href="https://man7.org/linux/man-pages/man7/environ.7.html">environ(7)</a>.</li>
27+
<li><strong>Ephemeral secrets</strong>: All secrets leak eventually. We prefer <a href="https://openid.net/developers/how-connect-works/">OIDC</a>. When unavoidable, we rely on a runtime KMS — never transferring secrets via disk, <a href="https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Command_002dline-Parameters.html">argv</a>, or <a href="https://man7.org/linux/man-pages/man7/environ.7.html">environ(7)</a>.</li>
2828
<li><strong>Minimal data surface</strong>: Less data = less risk. Metadata cache only (21-day TTL), 0 persistent user data</li>
2929
<li><strong>Minimal supply chain</strong>: Most services have 0-1 external deps. We use <a href="https://github.com/ko-build/ko">ko</a>+<a href="https://images.chainguard.dev/">Chainguard Images</a></li>
3030
<li><strong>No data monetization</strong>: We never sell your data. Third-party sharing limited to operational requirements/li>
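Review bot: On new line 27, "When unavoidable" has no subject now that the preceding sentence ends at OIDC, so it is unclear what is unavoidable; say it outright, e.g. "When a long-lived secret is unavoidable, ...". The rewrite also drops the OAuth link without the commit message saying why, and "a runtime KMS" reads as a product rather than the fetch-at-runtime practice the old wording described. Separately, context line 30 ends in `/li>` rather than `</li>`; worth fixing in the same change since the list item is left unclosed.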
@@ -37,8 +37,9 @@ title: Security
3737
<ul>
3838
<li><a href="https://github.com/codeGROOVE-dev/policy/blob/main/CORPORATE.md">Corporate Security Policies</a></li>
3939
<li><a href="https://github.com/codeGROOVE-dev/policy/blob/main/PRIVACY.md">Privacy Policy</a></li>
40+
<li><a href="https://github.com/codeGROOVE-dev/policy/blob/main/TOS.md">Terms of Service</a></li>
4041
</ul>
41-
<p>We're not yet SOC 2, but we've overseen the process for other large companies and will consider it later.</p>
42+
<p>Our team has guided companies through SOC 2 certification. Rather than retrofit compliance later, we're engineering our security controls to meet SOC 2 standards from day one.</p>
4243
</div>
4344

4445
<div style="background: var(--black); border: 8px solid var(--cyan); border-radius: 20px; padding: 30px; margin: 40px 0; box-shadow: 0 8px 24px rgba(0, 0, 0, 0.4);">
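Review bot: New line 42 removes the only sentence that said the company is not yet SOC 2, and the replacement ("engineering our security controls to meet SOC 2 standards from day one") can be read as a claim of compliance. Keep an explicit statement of current status alongside it, for example that no SOC 2 report has been issued yet. SOC 2 is an attestation report rather than a certification, so "guided companies through SOC 2 certification" would be more accurate as "through SOC 2 audits". The new Terms of Service link on line 40 points at TOS.md in the policy repo; confirm that file is merged before this page ships.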
