Frequently Asked Questions

How does Crocodile access my source code?

Crocodile stores the source code files that are part of reviews to provide a fast user experience. Every file is encrypted with per file data encryption keys. The data encryption keys are then encrypted with a master encryption key. All cryptographic operations are performed using Google Tink, which is a cryptographic library created by cryptographers at Google that is designed to be misuse resistant.

Files are encrypted using Stream AEAD using AES128_GCM_HKDF_4KB key type as recommended by Google.

The data encryption keys above are encrypted using AEAD with a master AES128 key.

What GitHub permissions does Crocodile need?

See GitHub Permissions for a description of what permissions Crocodile needs and how they are used.

What browsers are supported?

Chrome (and Chrome based browers like Edge, Brave, etc.) and Firefox.

How is usage for billing computed?

Billing is based on the maximum number of users in your Crocodile organization for the billing period. See Billing for more information.

Can I run Crocodile on-premise?

Not at the moment. If this is something you are interested in, let us know.