We’re excited to share that we are now officially a CVE Numbering Authority (CNA). As a CNA, we are authorized to assign CVE IDs to vulnerabilities in our own products, publish detailed vulnerability information, and collaborate with security researchers to coordinate responsible disclosures.

This milestone places us among a global network of 461 CNAs across 39 countries, all working together to improve cybersecurity through transparency and standardized vulnerability reporting.

By participating in the CVE Program, we’re contributing directly to the broader security ecosystem — ensuring that vulnerabilities are discovered, documented, and addressed in a timely and consistent way. It’s a key part of how we help users trust the tools they depend on — today and into the future.

But becoming a CNA is just one part of our larger commitment to security.

Security is woven into everything we do, from how we build products to how we handle data and ensure compliance. Our Git integrations, for example, are designed with privacy at the forefront: we only collect organization-level metadata — never source code — and we’re rigorous about collecting only what’s necessary. Sensitive information is always protected.

We also maintain full SOC 2 Type 2 compliance, with continuous monitoring through our partner, Drata, a leading platform for automated compliance. This ensures that our security posture isn’t a one-time effort, but part of an ongoing, proactive approach to safeguarding user data.

You can learn more about our security practices and how we protect your data by visiting our trust center.