by drewda
3054 days ago
I see that the logs and analysis will be open to everyone. I guess that's equivalent to using Travis, CircleCI, etc. on their free/open tiers. But API logs and analysis like Skylight performs can have much more unpredictable and sensitive info in them than test/build logs. Does this mean that all private fields need to be scrubbed in-app, before Skylight? For example, a hosted OSS service that includes e-mail addresses or location data in API query strings.

We work differently than other similar products, in that we rely heavily on aggregation, both for presenting useful data in the UI and also to keep our backend scalable. We don't keep around particular aspects of individual requests. Individual requests are essentially only used as "data points" to build statistical models about your app/endpoints. For example, any SQL queries are parsed and sanitized on your server before they are sent to us[1].
That probably sounds more involved than it actually is in practice – you can see it for yourself on the dashboards for The Odin Project[2] and the Homebrew formula browser[3]. The bottom line is that there is no way to get from the aggregated data back to an individual request.
[1] https://www.skylight.io/support/faqs#security
[2] https://oss.skylight.io/app/applications/g0gJSNnzYAws/recent...
[3] https://oss.skylight.io/app/applications/jut3BrkJo722/recent...
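
An added illustration of the two ideas in this exchange, scrubbing private query-string fields in-app and sanitizing SQL before keeping only per-endpoint aggregates. It is not Skylight's code and not part of either comment; the parameter list, the function names, and the regex stand-in for a real SQL parser are all assumptions.

```ruby
require "uri"

# Hypothetical list of parameter names treated as private (assumption).
SENSITIVE_PARAMS = %w[email lat lon lng location address token].freeze
EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i

# Replace private query-string values; parameter names are kept for grouping.
def scrub_url(url)
  uri = URI.parse(url)
  return url if uri.query.nil?
  pairs = URI.decode_www_form(uri.query).map do |key, value|
    private_field = SENSITIVE_PARAMS.include?(key.downcase) || value.match?(EMAIL_RE)
    [key, private_field ? "FILTERED" : value]
  end
  uri.query = URI.encode_www_form(pairs)
  uri.to_s
end

# Regex stand-in for a SQL parser: swap string and numeric literals for "?".
def scrub_sql(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?").gsub(/\b\d+(?:\.\d+)?\b/, "?")
end

# Keep only per-endpoint aggregates; the individual requests are not retained.
def aggregate(requests)
  requests.group_by { |r| r[:endpoint] }.map do |endpoint, rs|
    durations = rs.map { |r| r[:ms] }.sort
    { endpoint: endpoint,
      count: rs.size,
      median_ms: durations[durations.size / 2],
      queries: rs.map { |r| scrub_sql(r[:sql]) }.uniq }
  end
end

# Constructed sample requests (not real traffic).
SAMPLE = [
  { endpoint: "UsersController#show", ms: 12,
    sql: "SELECT * FROM users WHERE email = 'a@example.com' AND id = 42" },
  { endpoint: "UsersController#show", ms: 40,
    sql: "SELECT * FROM users WHERE email = 'b@example.org' AND id = 7" },
  { endpoint: "UsersController#show", ms: 15,
    sql: "SELECT * FROM users WHERE email = 'o''brien@example.net' AND id = 9" }
].freeze

puts scrub_url("/search?q=ruby&email=a%40example.com&lat=37.77")
puts aggregate(SAMPLE).inspect
```

Three requests with different e-mail addresses collapse into one query shape and one set of statistics, so nothing in the output identifies a single request.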