The security of gProfiler users is our primary concern, and to show that your data is always safe, we've made significant efforts to adhere to relevant security standards and best practices.
Harmless metadata only: Profiling data is only statistical metadata on functions and the functions' resource consumption metrics. This metadata is separate from the related executable code, so users can be assured that the logic of their application(s) is not stored in the system.
Data collection and transmission: gProfiler collects metadata from the host machine (whether your own or a cloud provider's); including number of cores, number of nodes, instance type, CPU and memory utilization, and system metadata such as the kernel version.
Fundamentally, agents collect the stack traces executed by the CPU, in order to output collapsed stack samples and flamegraph files either to a local directory to the gProfiler web platform (the latter of which can be disabled). Data stored is encrypted, and not transmitted or otherwise utilized outside of gProfiler.
Open source: gProfiler is a completely open source and thoroughly audited solution. The entirety of the gProfiler code is publicly available on our gProfiler Github repository and continues to be vetted and verified by third-party auditors, users and open source community participants. This includes our own eBPF profiler and the various open source profiling tools that gProfiler uses to provide a system-wide view of your code across runtimes.
We encourage the open source community to submit bug reports and feature requests, and always stand by to support users of gProfiler who need further assistance.
Fully compliant: gProfiler is certified SOC2 compliant and meets the relevant trust principles required for secure operation. It is also compliant with GDPR standards and HIPAA as well.
Ports communicated: For the SaaS version of gprofiler (non-local operation), whereby the user is profiling cloud instances and can view stack sample results on our web frontend, the agent communicates with our backend via HTTPS over Port 443.