Please read this data security and privacy policy carefully before using MergeBase Plugins.
In addition to our core application security products, MergeBase also publishes and maintains marketplace apps, plugins, and add-ons (referred to generally as “plugins” in this document). These plugins are available in several popular development and security marketplaces (e.g., Atlassian, Azure, GitHub).
Our plugins comply with specific Data Security and Privacy Policy requirements which are detailed below.
MergeBase plugins have two modes of operation: basic and enhanced. In basic mode, the plugin is not permitted to invoke any network activity. In enhanced mode, a plugin administrator can configure the plugin to download fresh global vulnerability data. The administrator can also configure it to send vulnerability scans to a customer-controlled MergeBase cloud server running on MergeBase cloud infrastructure.
MergeBase plugins are always initially installed in basic mode, and plugin administrators at the customer’s organization must consciously enable enhanced mode.
In addition to MergeBase’s corporate Privacy Policy, MergeBase plugins comply with the following policy:
1. Unless you have notified us otherwise (see condition #2, below), you consent to receive marketing emails from MergeBase Software Inc. Note: we will only use email addresses associated with the administrator accounts that installed the plugin.
2. You are free to withdraw your consent to receive marketing emails from us at any time. You can withdraw your consent by emailing us at julius@mergebase.com or clicking on the “unsubscribe” link at the bottom of any of our marketing emails.