Security & trust

Your code stays yours.

Least privilege by default, analyze-and-discard, and everything as plain files you own and merge. Here's exactly how baselane handles your code — so your security team has real answers, not hand-waving.

Access

Least privilege, by design.

baselane installs as a GitHub App scoped to the minimum it needs — and nothing more.

What baselane can doWhat it can never do
Read repository contents to analyze stack & conventions Write to your default branch
Open pull requests with the generated standard Push commits directly to any branch you didn't approve
Read metadata for the repos you select Touch Actions secrets, settings, or unselected repos

Guarantees, in plain terms.

Analyze-and-discard

We analyze a repo in an ephemeral workspace, extract a derived profile (languages, frameworks, commands, conventions), and discard the source. Your code is never persisted on our side — only the profile and the files we generate.

PRs only

Every change is a reviewable pull request. Merging is the human gate — always your call.

Plain files

Everything baselane produces is version-controlled files in your own repos. Nothing proprietary to lock you in.

Transparent agent

The optional laptop agent is IT-deployed and signed; it reconciles approved config and reports coarse status — documented for your review.

Reproducible

Identical inputs produce identical files — every change is diffable and auditable in git.

Data handling

What we store — and what we don't

In one line: we keep the standards and the state, not your source.

Persisted: your organization's standards, analysis profiles (derived facts, not code), generated artifacts, pack registry, and PR/rollout state.

Never persisted: your repository source code. It's analyzed in an ephemeral workspace and discarded.

We're designing for mid-size buyers first and building toward formal certification (e.g. SOC 2) as we move upmarket. If your security team has a questionnaire, we'll fill it out — the architecture above is the honest answer to most of it.

Bring it to your security team.

We'll walk through scopes, data handling, and the agent footprint — no hand-waving.

Join the waitlist