Snipe-IT is Security-First
From our software to our platform, security is number one.
Security Overview
At Grokability, we don't just care about security to check boxes on a compliance form. We are passionate about security. It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on Snipe-IT, to the core of our company culture. Like the layers of the OSI model, each layer at Grokability is important on its own, but also vital to the overall system.
Security in Our Software
In addition to providing you with configurable options for securing user accounts and access, Snipe-IT implements best-practices security for application design to prevent common attacks. Whether you host Snipe-IT yourself or you sign-up for our affordable hosting plans, you benefit from these features.
Security in Our Process
Automated security controls are critical to any software workflow to reduce the amount of time from defect creation to defect detection. Our scans run on every code push, every time.
Security in Our Platform
Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.
Security in Our Company
We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.
Recent Vulnerability Scan Results
We publish recent vulnerability scans here on our website, so that we can directly address issues and also provide additional context, since most automated scanners will generally report the same information. Any "medium" threats listed in the scan below will not be mitigated for the reasons outlined below:
Findings and Mitigating Factors - February 16, 2024
We run tests against https://grok-pen-test.snipe-it.io
, which is populated with seed data and is part of the same infrastructure and runs the same code as our hosted customers and open source users.
Hosted customers are permitted to perform their own independent penetration tests, however you must limit the scan to your own hosted Snipe-IT domain (https://your-subdomain.snipe-it.io
), and you must give us at least one week notice by sending an email to [email protected] with the test schedule before you begin so that we can alert our security team ahead of time, per our acceptable use policy.
Any vulnerabilities found should be reported to [email protected] and will receive prompt attention. Questions regarding our security should be directed to [email protected].
Sign-up for a hosted account and get premium support!
Hosted accounts get secure, reliable hosting with top-notch support and preferred priority for feature requests.