Data access & permissions
Before you connect anything, here is exactly what ShipReady Metrics reads from each system — the scopes it requests, what it pulls, and which scores that data feeds.
What is kept is narrower than what is read — and the detail matters more than the slogan:
- Your source code is never stored. No repository is ever cloned. A short, fixed list of manifest files is fetched, parsed in memory to detect runtime versions, and discarded — file contents are never written down.
- The scoring inputs behind each run are aggregates: counts, ratios, and totals.
- Supporting metrics do carry identifiers, where a number is only useful attached to the thing it describes. Per-repository breakdowns carry repository names; contributor breakdowns carry the contributor name from your source system; findings carry the affected resource. A finding you can’t name is a finding nobody can fix.
DevOps & Code
Cloud
AI & Data
Why you can trust this list
Every scope above is rendered directly from the same connector definitions the product enforces at connect time — this page can’t claim access the app doesn’t actually request. For how each score is computed from this data, see the methodology; for isolation, encryption, and subprocessors, see Trust & Security. Questions about a specific scope? info@persooninc.com.
Running a formal security review, or need a DPA, the subprocessor list, and SSO/SCIM before you roll this out? Talk to us about enterprise.
When you disconnect
Disconnecting a source removes the connector and permanently deletes its stored credentials right away. Scores and metrics already computed from it stay in your organization's history — that data is removed when you close the account or request erasure. For full retention horizons and deletion paths, see the Trust & Security data-retention policy.
See it on your own data
Connect a source and your Executive Overview populates as the first sync completes — about a minute for small orgs, several minutes for large estates.
Get your trial report