Security Overview
Defense-in-depth security architecture with post-quantum cryptography, zero-trust networking, and comprehensive audit trails.
Security on Drok is not a feature. It is the architecture. Every layer of the platform — from cryptographic primitives to network policy to access control — is designed with the assumption that threats are sophisticated, persistent, and evolving.
Security Architecture
Memory Safety
Drok's backend is written exclusively in Rust. This is not a preference — it is a security decision.
- No buffer overflows — Rust's ownership model prevents buffer overflows at compile time
- No use-after-free — Memory is freed deterministically when ownership is dropped
- No data races — The borrow checker prevents concurrent mutable access at compile time
- No null pointer dereferences — Rust's `Option` type eliminates null pointer bugs
The entire class of memory safety vulnerabilities that accounts for approximately 70% of CVEs in C and C++ codebases is structurally eliminated.
Cryptography
Drok implements post-quantum cryptography alongside classical algorithms:
| Standard | Algorithm | Use |
|---|---|---|
| FIPS 203 | ML-KEM-1024 | Key encapsulation (key exchange) |
| FIPS 204 | ML-DSA-87 | Digital signatures |
| FIPS 205 | SLH-DSA-SHA2-256s | Stateless hash-based signatures |
These algorithms are resistant to attacks by both classical and quantum computers. See Post-Quantum Cryptography for implementation details.
Transport Security
- TLS 1.3 only — TLS 1.2 and earlier are not supported
- Certificate transparency — All TLS certificates are logged to public CT logs
- HSTS — HTTP Strict Transport Security with preload
- Certificate pinning — The `drok` CLI pins Drok's TLS certificate chain
Data at Rest
- AES-256-GCM — All repository data and secrets encrypted at rest
- Per-tenant keys — Each organization has a dedicated encryption key
- Key rotation — Encryption keys are rotated automatically on a configurable schedule
- Hardware security modules — Enterprise plans support HSM-backed key storage
Access Control
- Role-based access control — Organization, team, and repository-level roles. See Permissions.
- Branch protection — Enforce review requirements, status checks, and signature requirements on branches. See Branch Protection.
- CODEOWNERS — Automatic review assignment based on file ownership. See CODEOWNERS.
- SSO enforcement — Require authentication through your identity provider. See SSO.
Supply Chain Security
- Package scanning — All published packages are scanned for known vulnerabilities
- Immutable versions — Published package versions cannot be overwritten
- Build provenance — Packages published from Drok Pipelines include signed provenance attestations
- Dependency auditing — `drok audit` scans your dependency tree for known vulnerabilities
```
drok audit my-org/my-repo
```
Vulnerability Disclosure
Drok maintains a responsible disclosure program. Security researchers can report vulnerabilities to security@drok.us. Reports are acknowledged within 24 hours and resolved within the severity-appropriate SLA:
| Severity | Response SLA | Resolution SLA |
|---|---|---|
| Critical | 4 hours | 24 hours |
| High | 24 hours | 7 days |
| Medium | 48 hours | 30 days |
| Low | 7 days | 90 days |
Compliance
Drok's security architecture supports compliance with:
- SOC 2 Type II — Audited annually
- GDPR — Data processing agreements available
- HIPAA — BAA available for Enterprise plans
- FedRAMP — Authorization in progress
Security Headers
All Drok web responses include:
```
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
```
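A check for drift from the header set listed above, as an added example (not Drok's own code): it parses a response's headers and returns the names of those that deviate from this page's values. `DRIFTED` is a constructed sample, and the function names are hypothetical.

```python
# Header set copied from the list above.
PAGE_HEADERS = """\
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
"""
# Constructed sample of a drifted response (not captured from a real server).
DRIFTED = """\
Strict-Transport-Security: max-age=86400
Content-Security-Policy: default-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Permissions-Policy: camera=(), geolocation=(self)
"""
EXACT = {"x-content-type-options": "nosniff", "x-frame-options": "deny",
         "x-xss-protection": "0", "referrer-policy": "strict-origin-when-cross-origin"}
def parse_headers(raw):
    """Map lowercase header name -> value; header names are case-insensitive."""
    pairs = (line.partition(":") for line in raw.strip().splitlines())
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def parse_csp(value):
    """Map directive -> source list; a repeated directive keeps its first occurrence."""
    policy = {}
    for tokens in (part.split() for part in value.split(";")):
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(raw):
    """Return the names of headers that deviate from the page's policy."""
    h, bad = parse_headers(raw), []
    bad += [n for n, want in EXACT.items() if h.get(n, "").lower() != want]
    hsts = [t.strip().lower() for t in h.get("strict-transport-security", "").split(";")]
    age = next((int(t[8:]) for t in hsts if t.startswith("max-age=") and t[8:].isdigit()), 0)
    if age < 63072000 or not {"includesubdomains", "preload"} <= set(hsts):
        bad.append("strict-transport-security")
    csp = parse_csp(h.get("content-security-policy", ""))
    # script-src falls back to default-src when absent; it must allow only 'self'.
    if csp.get("script-src", csp.get("default-src")) != ["'self'"]:
        bad.append("content-security-policy")
    perms = {p.strip().replace(" ", "") for p in h.get("permissions-policy", "").split(",")}
    if not {"camera=()", "microphone=()", "geolocation=()"} <= perms:
        bad.append("permissions-policy")
    return bad
```

`audit(PAGE_HEADERS)` returns an empty list; `audit(DRIFTED)` names every header that is missing or weaker than the listed value.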