Allure Testops does not interact with your proprietary code or any other sensitive data critical to your business, except for user email addresses used for authentication.
However, it’s important to note that sensitive information can sometimes appear in test parameters or artefacts if tests are not properly configured by the Customer. We strongly recommend avoiding the use of sensitive data (such as passwords, real email addresses) within test parameters or in the metadata shared with Allure.
Allure TestOps’ primary purpose is to collect and represent automated and manual tests results to provide detailed insights as well as to keep the tests documentation. It focuses exclusively on the outcomes and artifacts of tests, without accessing the actual product or test code or customer data, except user email addresses used for the authentication of Allure TestOps end users.
The platform specifically accesses metadata generated during test execution, which includes:
Pass, Fail, Skipped, or Broken statuses for individual tests.
Exception stack traces and error messages produced during test execution.
Start and end times for tests, along with overall suite duration.
Attachments such as screenshots, videos, or log files from test runs.
Metadata like the operating system, browser, and version of the software under test.
Inputs or configurations specific to parameterized or data-driven tests.
Test categorizations (e.g., features, priorities, or ownership) to help organize results.
Analysis of trends over time, such as test flakiness, duration changes, or failure patterns.
This information helps teams identify issues, monitor the health of the test suite, and optimize overall test performance, ensuring a focused and secure test management process.
We kindly ask you to consider this information when setting security requirements.
We use Amazon Web Services (AWS) as our data center provider, which allows us to leverage some of the most extensive security practices and compliance certifications available. We strictly adhere to the principles of data security and confidentiality. Our data centers are strategically positioned in the EU, holding certifications such as SOC 1, SOC 2, and ISO 27001, ensuring 24/7 operations and enterprise-grade security. More information about AWS security can be found on the AWS Cloud Security page.
For companies requiring enhanced authority over their data and infrastructure, we offer a server version of our product, granting them complete control over product access and security configurations. The server version provides users with the capability to customize the hosting environment according to their specific organizational requirements and compliance standards, empowering them with a tailored solution.
When accessing the Qameta Software website or utilizing Allure TestOps, the information exchange between your device and Allure TestOps servers is secured with 256-bit TLS encryption provided by CloudFlare. Apart from SSL/TLS encryption we use CloudFlare platform that provides DDoS protection, Web Application Firewall (WAF), bot management, DNS security, rate limiting, Zero Trust Security, and advanced analytics. These features help us ensure the integrity and availability of online assets. To learn more about security at CloudFlare please visit CloudFlare Trust Hub.
Payment details are processed and stored via Stripe, ensuring that we never have direct access to the client’s payment information. As a payment processor with PCI Level 1 Certification, Stripe adheres to the highest level of certification standards in the payments industry. Learn more about implemented security measures on the Stripe security page.
The primary logging solution for Allure TestOps is DataDog, chosen for its comprehensive monitoring and observability tools that offer in-depth insights into our infrastructure, applications, and services. With DataDog, we can swiftly detect and troubleshoot issues, reducing downtime and enhancing reliability. DataDog's integrations with various technologies and services allow us to consolidate monitoring tools and streamline workflows. You can learn more about security at DataDog on their Security & Compliance page.
In our development and architecture projects, GitHub holds a pivotal role, acting as the primary platform for version control and team collaboration. Our product and development teams extensively leverage GitHub for tasks like handling feature requests and conducting code reviews. For a more in-depth understanding of the security measures implemented by GitHub, please visit the GitHub security page.
At Qameta Software, we prioritize data security while ensuring the confidentiality, integrity, and accessibility of Client’s information. Allure TestOps collects names, emails, and test case data to enhance service delivery and support.
We prioritize secure storage of test data, encouraging users to upload artifacts directly to S3 Compatible Object Storage. Manual test files are securely stored within Allure TestOps.
To contact Qameta Software about any security-related issue, please send an email to the Qameta Security team: [email protected] and include a brief description of the issue.
