Security Testing and SOC2 Compliance for Airbyte Open-Source Tool

Summary

The user is inquiring about security testing procedures, frequency, vulnerability verification, manual update validation, and SOC2 Type 2 coverage for the Airbyte open-source tool.


Question

Hi Team, We have been planning to utilize an Airbyte open-source solution for a testing purpose and later on will be moving it to the cloud version based on the business needs. We have some questions related to security and couldn’t find the answers from the security section on Airbyte’s website.
Here are the queries:

  1. Does the Airbyte open-source tool/API go through any kind of security testing, e.g., SCA, SAST, DAST?
  2. If yes, how frequently does the testing happen? Will it cover each update?
  3. Who will be verifying each release to ensure there are no vulnerabilities?
  4. If I decide to do the updates manually, how should I validate each release with no issues?
  5. Does your SOC2 Type 2 cover the open-source tool as well? Can you please share the report?

Please check the above queries for open source; we appreciate your early response. Thanks.



This topic has been created from a Slack thread to give it more visibility.

["security-testing", "soc2-compliance", "open-source", "vulnerabilities", "release-validation"]