More on what data Omlet collects and its security controls
Omlet never collects, stores or upload your code. The scanning process is always done locally using the Omlet CLI available for download via NPM. Only metadata is collected. As a user, you have full control over what code Omlet will scan by choosing which repository it should scan. You have the option to also limit scanning to certain files or directories.
Regarding metadata, function names related to frontend code, file path of where the function is defined, where this function is called are collected. Other metadata we collect are… IP address of the user who uploads the data, node.js version, OS type/version, URL to your git repository and current branch name. These are used for troubleshooting purpose.
Omlet CLI has an option to only generate the output locally which you can use to inspect the data. You can do this by running
omlet analyze --dry-run. This will generate a local file
omlet.out.jsonwith the scanned output that is normally uploaded to Omlet web app. When using
--dry-run, the results are never uploaded to Omlet web app. You can check a sample output file which was generated from this open source project from here.
The metadata collected is uploaded to Omlet backend hosted on AWS (S3) and MongoDB. We only use this data to provide the service directly to you.