In-Scope Products & Applications

A critical component of any application security program is establishing the precise scope to which security guidelines will apply. Currently, our GitHub account contains over 500 repositories. However, not all of these repositories need to implement all the security controls described in our application security strategy, and we don't currently have the resources to deal with every repository exhaustively. Therefore, it is essential to prioritize and focus our efforts where they will have the most significant impact.

The following list highlights the repositories that are most critical to our business operations and are part of our scope:

Public Repositories

• Rocket.Chat

• Rocket.Chat.Electron

• Rocket.Chat.ReactNative

• fuselage

• airlock

• statuscentral

Private Repositories

• fleetcommand

• Rocket.Chat.TrialService

• cloud-ops

• cloud-portal

• go.rocket.chat

• marketplace-api

• marketplace-worker

• marketplace-ui

• marketplace-go

• omni-gateway

• pushgateway

• cloud

• ZohoBridge

• HubspotBridge

• launchcontrol

If you think that there are other repositories that should be on this list, reach out to security@rocket.chat or send a DM to a security engineer on open.rocket.chat.