About

Security at Buildkite

At Buildkite, security is foundational to everything we do. Our platform helps some of the world’s most security-conscious organizations build, test, and deploy software — safely and reliably. We prioritise protecting your code, your data, and your workflows.

Our Security Commitments

At Buildkite, security isn’t just a feature — it’s embedded in our architecture. Our platform is designed with a security-first approach that respects your organization’s privacy and protects your intellectual property.

  • Customer-Controlled Infrastructure:

    Buildkite Agents can run on your infrastructure, meaning your source code and secrets never leave your environment.

  • Zero Code Exfiltration:

    Buildkite does not require access to your code repository contents or build artifacts. Agents can be self-hosted or managed — Hosted Agents are ephemeral and only access the code required for execution of their pipeline.

  • Data Minimization:

    We only collect what’s needed for orchestration — never your proprietary code.

Platform Security

Our security-focused approach gives you the confidence to scale your CI/CD operations without compromising security. From robust encryption to advanced authentication methods, we've built comprehensive data protection into every aspect of our service.

  • Hosted in AWS

    Buildkite is hosted and run within Amazon Web Services and designed to meet AWS “Well Architected” Principles.

  • End-to-End Encryption

    All data in transit is protected using TLS 1.2+ with strong cipher suites. Data at rest is encrypted using AES-256.

  • Single Sign-On (SSO) + SCIM

    SAML SSO integration is available using providers like Okta, Azure AD, and Google Workspace. SCIM provisioning is available on Enterprise plans.

  • Two-Factor Authentication (2FA)

    Multi-Factor Authentication is enabled by default for organisation members to add a layer of protection.

  • Audit Logging

    Customers have visibility into user and API activity to support compliance and incident investigations.

  • Granular Access Controls

    Team-based permissions allow you to restrict access to builds, pipelines, and organization settings. Buildkite can integrate with your cloud identity solution at a per job level via OIDC.

Agent Security

Buildkite’s agent architecture delivers powerful isolation and access controls that safeguard your build environments from security threats. Our design empowers you to implement defense-in-depth strategies that protect your most sensitive operations from potential threats. Customers can use Buildkite’s hosted agents or host their own agents within their own infrastructure.

SOC2 Compliance

Buildkite maintains a SOC 2 Type II report - an independent audit performed annually that verifies the design and operating effectiveness of our security practices including access controls, system monitoring, threat detection, and incident response.

Our security posture is continuously monitored and maintained across the business using our GRC platform. From infrastructure hardening to employee training and third-party risk management, we take a proactive, defence-in-depth approach to keeping your data safe.

For more details of our continuous compliance model, please see our trust site.

Security Testing and Practices

Buildkite maintains a robust security posture through rigorous third-party testing and active participation in the security community.

  • Regular Penetration Testing

    Third-party penetration tests are conducted at least annually, with remediation prioritized and tracked to completion.

  • Bug Bounty Program

    We run a private bug bounty program. We welcome people to join by contacting us.

  • GitHub Secret Scanning Program

    Buildkite is part of the the GitHub Secret Scanning Program which aims to enhance security for your API tokens.

  • OpenSSF Member

    As a member, we are dedicated to shaping the future of open source security by contributing to solutions that protect the software everyone depends.

Trust Portal

To view our SOC2 report, security penetration test and other assurance artifacts please see our Trust Site.

Questions or concerns?

Reach out to: trust@buildkite.com

Privacy

Want more details about our commitment to Privacy?

Buildkite’s privacy policy is here

Platform

  1. Pipelines
  2. Public pipelines
  3. Test Engine
  4. Package Registries
  5. Mobile Delivery Cloud
  6. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Example pipelines
  5. Plugins
  6. Webinars
  7. Case studies
  8. Events
  9. Migration Services
  10. Comparisons

Company

  1. About
  2. Careers
  3. Press
  4. Security
  5. Brand assets
  6. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML
  3. Testing at scale
  4. Monorepo mojo
  5. Bazel orchestration

Legal

  1. Terms of Service
  2. Acceptable Use Policy
  3. Privacy Policy
  4. Subprocessors
  5. Service Level Agreement

Support

  1. System status
  2. Forum
© Buildkite Pty Ltd 2025