Announcing SOC2 Compliance: ensuring your internal developer portal is as safe as it should be
We’re happy to announce that we’ve passed SOC2 certification and are now SOC2 compliant.
A recent security vulnerability discovery raised the question of internal developer portal security. Can a developer portal be both SaaS, not self-hosted, and be designed with security first and foremost? In short, the answer is “Yes!!”.
We’re happy to announce that we’ve passed SOC2 certification and are now SOC2 compliant.
Some of the key highlights in our secure approach to internal developer portals are as follows:
- Port does not store its customers’ credentials. The data ingested to Port is in push; Port does not collect any data on its own.
- Port’s web interface is the main way to view, organize and manage the Software Catalog. It is highly customizable and gives the customer complete control over what catalog data is exposed and to whom.
- Changes are tracked in two ways, either through a secure webhook or through a subscription to a dedicated message queue. In addition, Port offers a custom agent which customers can install to handle changes, self-service actions and other notifications. The agent will handle parsing the requests and forwarding them to the customer’s infrastructure, saving the need to validate the authenticity of the request.
- All data managed by Port is encrypted at rest & in transit. Port uses SSL (TLS v1.2+ where applicable) for all of its requests and implements industry standard encryption, authorization and authentication. It also uses rotating access tokens, credentials and secrets to guarantee the long-term safety of user data
- We offer industry-standard data controls for data security. These include encryption-at-transit, encryption-at-rest, and PII data redaction. Port also employs Single Sign-On (SSO), Role-Based Access Control (RBAC), and audit logs to secure access to its platform and prevent access to unauthorized data.
Get your survey template today
%201.svg){kind=small}
Download your survey template today
Free Roadmap planner for Platform Engineering teams
Set Clear Goals for Your Portal
Define Features and Milestones
Stay Aligned and Keep Moving Forward
Create your Roadmap
Free RFP template for Internal Developer Portal
Creating an RFP for an internal developer portal doesn’t have to be complex. Our template gives you a streamlined path to start strong and ensure you’re covering all the key details.
Get the RFP template
Leverage AI to generate optimized JQ commands
test them in real-time, and refine your approach instantly. This powerful tool lets you experiment, troubleshoot, and fine-tune your queries—taking your development workflow to the next level.
Explore now
Check out Port's pre-populated demo and see what it's all about.
No email required
.png)
Check out the 2025 State of Internal Developer Portals report
No email required
Minimize engineering chaos. Port serves as one central platform for all your needs.
Act on every part of your SDLC in Port.
Your team needs the right info at the right time. With Port's software catalog, they'll have it.
Learn more about Port's agentic engineering platform
Read the launch blog
Contact sales for a technical walkthrough of Port
Every team is different. Port lets you design a developer experience that truly fits your org.
As your org grows, so does complexity. Port scales your catalog, orchestration, and workflows seamlessly.
Book a demo right now to check out Port's developer portal yourself
Apply to join the Beta for Port's new Backstage plugin
Further reading:
Learn more about Port’s Backstage plugin
.png)
