Powering Secure Software Development

Ensure a secure DevOps lifecycle by selecting a software development platform that protects, audits, and
monitors your company’s most valuable assets. Assembla exceeds controls, compliance, and security
standards to ensure that your software development process is locked down from end to end. Here’s how
we do it.

How to Secure Your Source Code: Get the Industry Report

Data breaches are preventable, and no one wants to be the next big breach story. Learn how to secure your source code.

how to secure book


Advanced User Permission Controls

Advanced User Permission Controls allow you to limit access to
projects and repositories based on user type, as well as give you the power to customize access to all projects and repos. This security feature
greatly reduces the amount of time you spend managing your
team while helping you achieve security peace of mind in the
software development process.


With a bird’s-eye view of your users and the files and repos they
can access, Assembla makes it easy to oversee the work that
happens both inside and outside your company. Flexible
permissions for users and groups ensure everyone in your
organization gets the right level of access. Plus, you can count on
a quick setup and rollout with AD/LDAP for simple user account
management, as well as SAML 2.0 for streamlined integrations
with Single Sign-On (SSO).


Read Our Documentation



Assembla is dedicated to providing best-in-class security, compliance, and data protection for our customers. Whether you need to meet specific industry regulations or international security and data privacy standards, Assembla has all of the tools needed to become and stay compliant.

Track each change made to your source code from project start to finish. Quickly prove to
auditors that your organization has the control
and monitoring in place to ensure regulatory compliance. Track actions like repo access, code
reviews, merge requests, Git pushes, and
more. Search for activity by specific users and specific date ranges and generate audit reports
straight from your browser.

Make Audits More Efficient

Audit logs let you track actions like repo access, code reviews, merge requests, Git pushes, and
more. Search for activity by specific uses and specific date ranges and generate audit reports
straight from your browser in XML, CSV, or PDF so your audit process is quick
and painless.

User Activity Audit Reports

Automate your workflows to take the work out of regulatory compliance. Require code reviews and
prevent commits from users groups with Protected Branches. Receive emails and push notifications
when key changes are made to your source code.

Automated Workflows and Notifications

static analysis 1

Static Analysis

More than 75% of breaches are caused by developers inserting secret keys and passwords directly into source code. Assembla automatically finds access keys and passwords left in your code and notifies your team before they’re deployed. Analyze your entire code base for vulnerabilities and scan each commit, instantly, as they occur.

Automated Workflows and Notifications

package management
Package Management
Assembla’s MyGet is a universal package manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers security, consistency, and governance to your DevOps workflow. Learn more
devops consistency and governance

DevOps Consistency and Governance

MyGet real-time software license detection tracks your teams package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.

automate and integrate

Automate & Integrate

MyGet automates build and packaging processes from a centralized cloud platform. MyGet speeds up the development lifecycle while integrating seamlessly with your existing DevOps workflows. Package, version, & publish from GitHub, Assembla, Visual Studio Team Services, and BitBucket.

security practices

Assembla’s Approach to Security

Security and risk mitigation are top priorities for our team. The mindset we bring to our business helps make your business more secure. Our operational playbook includes a bottom-up evaluation of the risks to security, risk mitigation techniques, and ongoing areas of investment to further reduce risks.


Data Security is Our Priority

We offer the Assembla service from multiple data centers with strong security practices that are independently validated by third-party auditors. Every file you store with Assembla is maintained and encrypted using AES 256-bit encryption in geographically diverse areas, leveraging both the Assembla data centers as well as the redundant facilities managed by our partner AWS.

Compliance Certifications

Assembla is fully certified with PrivacyShield and is fully committed to GDPR with data centers in the EU. The full report is available upon request.


Continuous Pen Testing

Assembla uses HackerOne, a leading premier vulnerability coordination platform. The basics of HackerOne are simple. Assembla creates our own security program page with instructions for HackerOne experts.

Risk Management Planning & Process

Our operational playbook includes a bottom-up evaluation of the risks to security, risk mitigation techniques and ongoing areas of investment to further reduce risks, surrounded by a 24/7/365 DevOps team.
centralized team

Team Credentials & Expertise

The Assembla leadership team has over 100 years of combined experience serving clients with dedicated & cloud hosting, source control systems & software, and project management. We enable over 1 million users distributed in over 100 countries to manage all of their repos from a central, secure control point with industry-leading compliance and security.

Hosted on Assembla

14 day free trial. No credit card needed.

Hosted on Your Servers
30 day free trial. No credit card needed.