Gitoqlok. Security Concerns
Our Gitoqlok users often question whether the extension saves the Qlik Sense app data files to the Git repository and whether it is secure to use our product.
So when it comes to the latter, one tends to be exceptionally careful and alert — we all know that. What we are also sure of, and more than that, what we care about is the concerns of the users of our products.
Gitoqlok only has a connection to the Git provider that you give access to connect it to. It can be your corporate on-premise GitLab or your personal GitHub account. You can choose this on your own.
Here are reasons you can download Gitoqlok and be sure — you are secure.
Google Chrome Web Store Featured badge
Gitoqlok has been awarded the Featured badge on Chrome Web Store and manually evaluated by Google Chrome team members.
According to the source, Featured extensions on Google Chrome “follow the best practices and meet a high standard of user experience and design.”
This also includes “using the latest platform APIs and respecting the privacy of end-users’’.
While the complete disclosure of data collection policies is implied by best practices, they only request the permissions needed to implement extension features.
Google Chrome Web Store Established Developer badge
The established Developer badge “showcases publishers who have verified their identity and demonstrated compliance with the developer program policies.” Being confident about the developer of your add-in adds to the overall confidence in the safety of the extension. Developer Program Policy ensures a positive experience for everyone using the Chrome Web Store.
Data security
When uploading your Qlik Sense App to the Git repository, we only let you upload the script and the visualization layer. Confidential data and any other data from the app ARE NOT included.
Gitoqlok hasn’t access to the data and doesn’t call the REST API method to retrieve data from the app.
Legal terms
Gitoqlok Enterprise license policies fix all the obligations and functions of the product: every aspect of the user’s confidential information is detailed in a legal contract. No party is willing to violate the Legal by financial or reputation means.
Packet analyzers
The most cautious ones may want to validate further their products, which is completely reasonable. Plenty of packet analyzers (packet sniffers) are on offer, aimed at monitoring network traffic and scanning incoming traffic for malicious code. Whichever you use, expect to be pleasantly reassured.
You will see that the only external services that Gitoqlok communicates with are:
- Sentry.io collects logs in an anonymized form about unexpected exceptions that occur. You can easily switch it off on the options page of the Gitoqlok.
- Google Analytics to collect information about the number of button clicks. You can easily switch it off on the options page of the Gitoqlok.
- Your configured Git provider
Customer reviews
Checking reviews from other people who have used the extension helps gain insight and, thus, trust for the service based on other people’s experiences. Moreover, reviews allow new users to gauge the average experience of those using the app. Join our Slack community to see the reviews and evaluate the overall customer experience with Gitoqlok.
With everything above in mind, one can be confident in the security of any browser extension. As they say, double-check to prevent the wreck!
If you have further inquiries or questions, please do not hesitate to leave them in the comments.
