AppMap Security FAQ

  1. Will AppMap move code or data off of my personal dev environment?

    No. AppMap runtime recordings and diagrams are created and stored locally on your machine. AppMap does not require any permissions to your web hosted code repo in order to run.

  2. Is sign-in required to use AppMap?

    Sign-in via GitHub or GitLab is required to obtain a license key, and start using AppMap in your code editor.

    There are methods of manually generating AppMap data files without a license key. Reach out to an AppMap team member in our community Slack or drop us a line at support@appmap.io for guidance on how to do that.

  3. Does signing in via GitHub or GitLab give AppMap access to my code repository?

    No. GitHub and GitLab are used as OAuth providers only. This allows AppMap to verify your identity, but does not grant access to code hosted with GitHub or GitLab.

  4. What scope does AppMap access to authenticate users via GitHub or GitLab?

    For authentication with GitHub
    • Read org and team membership, read org projects (GitHub docs)
    • Read access user email addresses (GitHub docs)

    For authentication with GitLab
    • Read the authenticated user's personal information. Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users. (GitLab docs)

    AppMap does not require any permissions to your web hosted code.

  5. Where are AppMap files stored?

    AppMap files are stored in your local development project, typically in a tmp/appmap directory within your project, created during the installation process.

    AppMap does not upload or move your AppMap files out of your local environment.

    For specifics regarding the location and configuration of AppMap files see the reference section of our documentation.

  6. What is AppMap's data architecture?

    AppMap agents are libraries that get loaded into your application, and write data to the local filesystem based on the application's runtime behavior.

    These files are then read by the AppMap code editor plugins, or in the case of a CI deployment, by the AppMap CI tools.

    The graphic below illustrates AppMap's data architecture.

    AppMap's data architecture

  7. Who should I contact regarding specific security concerns?

    We are happy to answer any specific questions you may have. Reach out directly to an AppMap team member in our community Slack or send an email to support@appmap.io.