Frequently Asked Questions

General

What is Bytesafe?

Bytesafe is a package management platform for a secure code supply chain.
A firewall for dependencies with secure hosting of all your dependencies in private registries. Continuous analysis, monitoring and scanning for potential issues. Read more

What is a code supply chain?

Software applications depend on both internal proprietary code as well as open source code developed by others.
Like any other supply chain, all externally sourced code an application uses need to be managed in terms of availability, security, licensing etc to avoid business risks involved.

How does continuous analysis & monitoring of dependencies work?

Private & public packages included in Bytesafe are scanned for changes in composition, security & licenses compliance issues as well as compared to any Policies (rules) set in place.
By continuously monitoring registries users are able to identify issues early and avoid surprises at build time.

What is a package dependency?

A dependency is an external piece of code or package version that is used by your project in some way. It is not uncommon for projects to have 100+ dependencies.
Direct dependencies are package versions specified in a projects configuration files, like package.json or pom.xml. Indirect (or transitive) dependencies are dependencies of direct dependencies.

Community edition

What is the Community Edition?

The Community Edition is a completely free on-premise offering that we provide to users and companies of any size (and not only open source projects). It focuses on enhancing open source security and package management.

Our Community Edition supports multiple ecosystems and comes with a dependency firewall that automatically quarantines threats. By leveraging these features, companies can enhance their security posture and ensure the integrity of their software supply chain.

Community Edition is free, but are there any limitations?

Community Edition offers advanced capabilities to avoid threats introduced from open source. Although completely free, it’s feature-packed and lets you manage open source threats utilizing our advanced Dependency Firewall.

There are no limits or restrictions when it comes to users, packages, bandwidth or storage. Firewall registries (which act as proxies with security policies) are limited to 10 and each Firewall can have 1 upstream, which covers the needs of many teams.

For details, see the full feature comparison on our Pricing page.

How do I get started with Bytesafe Community Edition?

Our Community Edition documentation describes how to download and install the platform, including instructions for Docker and Kubernetes.

Bytesafe Basics

How do I work with Bytesafe private registries?

Access Bytesafe with:

  1. Npm clients (npm / yarn / pnpm), Maven clients (mvn / gradle), NuGet clients (nuget / dotnet) or Python clients (pip / twine) - Work with packages using regular command line tools.
  2. CI/CD - secure package source for build pipelines like GitHub Actions or Azure Pipelines.
  3. Bytesafe CLI to manage registries and packages (available for Mac, Windows and Linux).
  4. Bytesafe Web application - get a complete overview & manage registries, packages, team members, plugins, policies, integrations and more.

The appropriate tool depends on the use case.

Can I still make use of public registries & repositories when using Bytesafe?

Yes. Public registries can easily be configured as upstreams (linked package sources). Bytesafe even supports proxying multiple upstreams for each registry. To learn more, see the documentation on Upstreams.

Can I have multiple private registries in a Bytesafe Workspace?

Yes. Bytesafe offers unlimited hosted registries for all workspaces. Create as many registries as you wish and connect them into workflows that suit your needs. Need inspiration? See the Use case section of the Bytesafe docs.

How do I integrate Bytesafe with other services?

Bytesafe offers pre-built integrations for both Slack and GitHub. In addition, Bytesafe can be integrated as a package source / destination for any CI/CD or other service that supports custom package configurations.

What is a Read-Only user?

A Read-Only user is a special type of user that has limited access to your Bytesafe Workspace. Read-only users are ideal for keeping colleagues and stakeholders up to speed when you don’t require the whole range of Bytesafe features, such as uploading and installing packages.

Security & License compliance

Can I prevent undesirable packages or versions from entering my Bytesafe registries?

Yes, with Bytesafe Policies. Policies are rules that are checked before any registry action is applied. Example include Secure Policy, that only allows package versions without known vulnerabilities in registries.

Can I scan packages in registries for security issues?

Yes, with the Vulnerability Scanner Plugin. The plugin scans all packages in a registry to identify any known vulnerabilities from the Bytesafe advisory database. Users are notified in Bytesafe or directly in their Slack channels.

How do I identify open source licenses for my package dependencies?

Packages hosted in Bytesafe registries are automatically scanned for license information. This includes package files in addition to the information in package.json. Identified licenses are displayed in Bytesafe together with any identified license issues. Read more

Can I scan packages in registries for license compliance issues?

Yes, with the License Compliance Plugin. Packages in a registry are scanned and compared to the active license policy to identify problematic, unlicensed or non-standard licenses. Users are notified through email, in Bytesafe and directly in their Slack channels.

Support & Sign up

How do I contact customer support?

Bytesafe support is available either via email (support@bytesafe.dev) or using the chat widget from either this site or from inside Bytesafe.

What information do I have to supply to sign up for Bytesafe?

During sign up you select your desired workspace name and sign up with a user (social login or email). No other information is required. You do not have to provide any payment method or billing information.

Can I invite others to collaborate on my Bytesafe workspace and registries?

Yes. Login to Bytesafe to manage team members and invites.

Where can I learn more about using Bytesafe?

Visit the Bytesafe Blog, the Bytesafe documentation or follow us on Twitter to stay updated with our updates: Bytesafe Twitter

Billing & Pricing

Can I use Bytesafe for free?

Yes! Our Developer plan allows you to use a large set of the Bytesafe features for free. Workspaces that require advanced features and more users for collaboration can upgrade to a premium plan without friction. More information about the premium plans can be found on the Pricing page.

Can I cancel my account at any time?

Yes, you can cancel at any time. The account remains active until the end of your current billing period, meaning you can still use your account during this period.

When do I get billed?

After trial, billing is performed at the start of each billing period. Adding users incur an immediate billing for the remaining period.

Does Bytesafe store any credit card information?

No. All credit card activity and information is handled by our trusted third-party providers, Chargebee and Stripe.

Can I downgrade my premium plan to a free plan?

Yes! However, we will inactivate all but one user and any corresponding security tokens. We recommend you to verify that no service disruptions occurs in your services by manually inactivating users prior a downgrade.

Is Bytesafe available as a trial?

Bytesafe is completely free for individual users and will continue to be so. All accounts automatically activate a free trial of our premium plan on sign up (no credit card required). If you have any questions related to features related to out premium plans, feel free to contact sales@bytesafe.dev.

Is Bytesafe free to use for open source projects?

Yes, we support the community and Bytesafe is provided free of charge for public open source projects! To get a Community account, just sign in to Bytesafe and contact support@bytesafe.dev with info about your project.

Does the price include tax?

Unless otherwise stated, the Subscription Charges do not include any taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessible by any local, state, provincial or foreign jurisdiction (collectively “Taxes”).

Can I upgrade my active plan at any time?

Yes! Your account will be upgraded to the new plan with attached benefits as soon as payment has been processed. Your account will have the benefits attached to the new plan for as long as payment is provided.

What happens if I downgrade my active plan?

If you’re on a paid plan that doesn’t fit your needs, you can downgrade to a lower tier. You will keep your current features and limits until the next billing cycle. The next bill will reflect your changes.

Is my local currency supported?

Prices in different currencies are shown for informational purposes and updated infrequently. Our services are priced and billed in Euro (EUR, €)

Privacy & Security

Is Bytesafe GDPR Compliant?

Yes. Bytesafe is GDPR compliant and maintains high information security standards in order to keep customer data secure and process and store personal data in compliance with applicable data protection regulations. For further information please see our Privacy Policy.

What is the GDPR?

The European Union (EU) General Data Protection Regulation (GDPR) is a data privacy law that applies to any company, such as Bytesafe (Bitfront AB), that processes data of EU residents, regardless of the company’s business location. Broadly, the GDPR requires that: Data of EU residents considered “personal” must be protected and processed only as permitted; Access to this data is controlled and restricted; Contracts with third party processors must contain certain specific terms regarding their processing of the data; EU residents have numerous rights with respect to their personal data, including the right to restrict processing and to know the personal data a company holds on them; and Specific guidelines for data security incident notifications are followed.

Is Bytesafe a Data Processor or Data Controller?

Bytesafe (Bitfront AB) acts as a data controller when processing personal data of its customers, and as data processor to the extent Bytesafe (Bitfront AB) processes customer personal data in connection with providing the services.

Does Bytesafe process “Personal Data” as defined by GDPR?

Bytesafe (Bitfront AB) captures Personal Data of our end-users, i.e. those individuals with Bytesafe accounts. Specifically, we capture name, email address and other information received from Microsoft, Github, Google through our OAuth2 / SSO or SAML integrations.

How does using Bytesafe impact my GDPR responsibilities?

If you are thinking about initiating security vulnerability scanning (or other supply chain security measures with Bytesafe) and are concerned about the lawfulness of processing personal data in this context we recommend reviewing Recital 49 in the GDPR. Recital 49 suggests that the processing of personal data for the purposes of ensuring that your networks and information systems are secure and protected from malicious attacks constitutes a legitimate interest for you as a data controller.

Can you tell me a bit more about how you secure customer data?

We have collected some information regarding security within Bytesafe on our security page. Please feel free to contact us with any specific question on our Contact page.

Do you supply a Data Processing Agreement (DPA) and a list of Subprocessors

A DPA will be applicable for customer’s within the EU and available here as well as a current list of Subprocessors. If you’d like us to sign a custom DPA, you can do that on an Enterprise plan. Reach out to our Sales team here.

Technical questions?
Visit our docs site