Security

Responsible Disclosure

If you discover a security vulnerability, please email security@deployship.io. Do not open a public GitHub issue.

What DeployShip Can Access on Your Server

DeployShip, via the deployship user, can:

• Read and write files in your project's working directory
• Execute the commands you configure (build, start, pre/post deploy hooks)
• Restart the PM2 process for your project

DeployShip cannot access files outside your project directories, other users' home directories, or system configuration files unless you explicitly grant additional permissions.

Audit Log

Every action — deployments, environment variable changes, server additions, team member changes — is recorded in the audit log. Access it from your project or team settings.