Security
How we keep your stuff safe (better than you keep your API keys).
Our Security Posture
We take security seriously. Ironic, given that we roast people for their security gaps—but that means we know exactly what NOT to do.
How Analysis Works
1. Local-First Analysis: Your code never leaves your machine during analysis. We scan locally.
2. Metadata Only: We only send anonymized metadata (file types, gap categories) for analytics.
3. Opt-In AI Features: LLM-powered fixes require explicit opt-in. You control what gets sent.
Infrastructure Security
- All traffic encrypted with TLS 1.3
- SOC 2 Type II compliant infrastructure (via Railway/Vercel)
- Regular security audits and penetration testing
- No plain-text storage of sensitive credentials
- Automated vulnerability scanning on all dependencies
Vulnerability Disclosure
Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to:
security@lastmile.dev

We aim to respond within 48 hours and will keep you updated on remediation.
Security Best Practices
While you're here, some tips for YOUR security (since we know you need them):
1. Never commit .env files to git
2. Use environment variables for all secrets
3. Enable 2FA everywhere (GitHub, deployment platforms)
4. Run `lastmile analyze` before every deploy (shameless plug)