Security at Bunnyshell

SOC 2 TYPE 2 CERTIFICATION IN PROGRESS

Security Overview

At Bunnyshell, data security is critical, and we recognize the importance of collaborating with proficient security researchers to detect vulnerabilities in our technology. If you come across a security vulnerability in Bunnyshell's service, please inform us so we can take prompt action and address the issue together.

Data Security

Bunnyshell encrypts data at rest and in transit for all of our customers. We use tools like HashiCorp Vault to manage encryption keys in line with industry best practices.

Application Security

Bunnyshell regularly engages security experts for third-party penetration tests. Our penetration testers evaluate the running application and the deployed environment.

Bunnyshell also uses high-quality static analysis tooling provided by Snyk to secure our product at every step of the development process.

Infrastructure Security

Bunnyshell uses Amazon Web Services to host our application. We make use of the security products embedded within the AWS ecosystem, such as GuardDuty.

Responsible Disclosure Policy

Last Updated: January 20, 2023

Disclosure Policy

  • If you believe you've discovered a potential vulnerability, please let us know by emailing us at security@bunnyshell.com. We will acknowledge your email within one week.
  • It is prohibited to keep, distribute, expose or destroy Bunnyshell or customer data. If you come across any Personally Identifiable Information (PII), you should stop your activity, delete the related data from your system, and immediately inform Bunnyshell.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Bunnyshell service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
  • Before sharing any reported issue with a third party or disclosing it publicly, allow Bunnyshell a reasonable amount of time to rectify the issue.

Excluded Vulnerabilities

The following vulnerabilities are outside the scope of our Responsible Disclosure Program:

  • Denial-of-Service (DoS) attacks
  • Social engineering or phishing of Bunnyshell employees or contractors
  • Any attacks against Bunnyshell's physical property
  • Resource exhaustion attacks
  • Spamming

This policy applies to the Bunnyshell application hosted at environments.bunnyshell.com and to any other subdomains or services associated with the Bunnyshell App. We do not accept reports for vulnerabilities solely affecting our marketing website (www.bunnyshell.com), which contains no sensitive data.

Submission format

When submitting a report of a possible vulnerability, kindly provide a comprehensive summary of the vulnerability, including the target affected, steps taken, tools used and any relevant evidence (screenshots are highly appreciated).

Frequently asked questions

Everything you need to know about the product and billing.

What is Environments as a Service (EaaS)?
Environment-as-a-Service (EaaS) is a cloud platform that automatically creates and manages complete application environments on-demand. Unlike traditional infrastructure management, EaaS combines your application code with its entire runtime environment - databases, APIs, configurations, and dependencies - under unified version control. When you make code changes, EaaS automatically provisions the necessary infrastructure and configures everything your application needs to run, eliminating manual environment setup and ensuring consistency between development, testing, and production environments.
What is an Ephemeral Environment?
Ephemeral environments are temporary, isolated testing environments that are created automatically for each pull request and destroyed when no longer needed. Unlike permanent staging environments that are shared and constantly overwritten, ephemeral environments give each feature its own dedicated space for testing, previewing, and validation. They typically last for the duration of a pull request lifecycle - from creation to merge - ensuring every code change gets tested in isolation without conflicts or waiting times.
What are the benefits of EaaS?
Environment-as-a-Service (EaaS) accelerates development by eliminating testing bottlenecks and reducing rework. Teams can spin up production-like environments instantly for every pull request, enabling parallel development where multiple features are tested simultaneously without conflicts. This eliminates waiting times for shared staging environments, catches integration bugs before production, and allows stakeholders to review features immediately through live preview links, ultimately resulting in faster, higher-quality deployments.
Is Bunnyshell SOC 2 Compliant?
Bunnyshell has successfully achieved SOC 2 Type I compliance and ISO 27001 certification, confirming that our systems and processes meet the rigorous international standards for security, availability, processing integrity, confidentiality, and privacy required by enterprise and regulated industries.
How to integrate Bunnyshell with common CI/CD and DevOps tools?
Bunnyshell includes an extensive REST API, a CLI tool, GitHub Actions, and a Go SDK to integrate with your existing CI/CD and DevOps tools, enabling you to easily deploy environments directly from your own release pipeline.
Do I have to pay for a POC?
No. We offer a no-cost POC to allow you to test and assess the functionalities and benefits of our product. This period gives you the opportunity to make an informed decision without any upfront investment.