Security & Compliance

Customers entrust us with their workloads, and therefore with their data. We take this trust extremely seriously, and employ a multifaceted approach to ensure security and isolation.

In addition to security being at the core of our infrastructure and software, we are also audited and pentested regularly to ensure nothing slips through the cracks.

SOC 2

As part of SOC 2 certification, our compliance is continuously monitored by external security experts. The findings of these audits and our SOC 2 certification can be viewed in our Trust Center.

SOC 2 Type II Badge

Trust Center

To provide transparency into our security controls and certifications, anyone can request access to our Trust Center to view our SOC 2 report, controls, and list of sub-processors.

Visit Trust Center →

Audit logs

Changes made to your workspace, instances, and volumes produce audit logging entries which can be used for security and debugging purposes.

Audit entries are available in Namespace's UI and can be filtered for certain actions or actors.

Audit Events Table
Audit Events in the Namespace Dashboard

Audit Log Forwarding (SIEM)

Namespace also supports pushing audit events to a customer provided SIEM (Security Information & Event Management) solution. This allows for centralized analysis, streamlined compliance, and real-time threat detection within your existing security tooling.

Audit Log Forwarding is available to Enterprise customers.

To set up Audit Log Forwarding with SIEM for your workspace, reach out via your dedicated support channel or email us at support@namespace.so.

Audit Log Types

Namespace audit logs include many different actions, including contextual data to understand exactly what happened. The most important actions and what data they contain are detailed below:

Audit Event Types

workspace.ownership.transfer

Ownership of a Workspace has been transferred to a different user

{
    "tenant_id": "tenant_...",
    "action": "workspace.ownership.transfer",
    "target": {
        "type": "user",
        "user_id": "user_...",
        "email": "quux@example.com"
    },
    "attributes": {
        "previous_owner": {
            "user_id": "user...",
            "email": ...
        }
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

workspace.membership.add

A user has been added to the workspace.

{
    "tenant_id": "tenant_...",
    "action": "workspace.membership.add",
    "target": {
        "type": "user",
        "user_id": "user_...",
        "email": "quux@example.com"
    },
    "attributes": {
        "role": "READER"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

workspace.membership.update

The role of a workspace member was changed.

{
    "tenant_id": "tenant_...",
    "action": "workspace.membership.update",
    "target": {
        "type": "user",
        "user_id": "user_...",
        "email": "quux@example.com"
    },
    "attributes": {
        "role": "ADMIN"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

workspace.membership.remove

A user has been removed from to the workspace.

{
    "tenant_id": "tenant_...",
    "action": "workspace.membership.remove",
    "target": {
        "type": "user",
        "user_id": "user_...",
        "email": "quux@example.com"
    },
    "attributes": {
        "role": "READER"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

workspace.update

The Workspace configuration was updated.

{
    "tenant_id": "tenant_...",
    "action": "workspace.update",
    "attributes": {
        "name": "New Workspace Name"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

workspace.token.emit

An authorization token has been emitted for the workspace, e.g. a user signed in.

{
    "tenant_id": "tenant_...",
    "action": "workspace.token.emit",
    "attributes": {
        "duration": "600s"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

instance.ssh

An SSH session was initiated with a workspace instance.

{
    "tenant_id": "tenant_...",
    "action": "instance.ssh",
    "target": {
        "type": "instance",
        "instance_id": ...
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

volume.release

Emitted when a volume is released by an actor, e.g. by pressing [Release] in the Web application.

{
    "tenant_id": "tenant_...",
    "action": "volume.release",
    "attributes": {
        "tag": "my-volume"
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

federation.github.associate

Namespace's GitHub application has been associated with the workspace.

{
    "tenant_id": "tenant_...",
    "action": "federation.github.associate",
    "target": {
        "type": "github_installation",
        "github_installation_id": 1234...
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "user",
        "user_id": "user_...",
        "email": "foobar@example.com"
    }
}

federation.github.deassociate

Namespace's GitHub application has been deassociated from the workspace.

{
    "tenant_id": "tenant_...",
    "action": "federation.github.deassociate",
    "target": {
        "type": "github_installation",
        "github_installation_id": 1234...
    },
    "at": "2025-03-14T21:08:41+00:00",
    "actor": {
        "type": "service",
        "service_id": "github"
    }
}
  • Private Networking → Connect instances within a workspace over a secure private network.
  • IP ranges → Restrict access to traffic from Namespace’s trusted IP ranges.
  • Data Residency → Control where your data lives with customizable data residency support.
  • Federation → Enable secure, bidirectional access between Namespace and your cloud.