Skip to main content

Dino runs locally

Your API data stays on your machine. The Dino CLI is a local process — it connects to your API endpoint, runs tests, and writes results to your filesystem. No data is sent to Dino servers. The only external call is the optional AI reasoning feature, which calls the Anthropic API. Even then, all responses are stripped of secrets before sending.

No secrets in config

.dino.yml never contains API keys or tokens. Only environment variable names are referenced. 
# This is what Dino writes:
auth:
  enabled: true

# Your token lives in the environment:
# export DINO_API_TOKEN="your-token"
This is enforced by design (INV-1) and tested — the buildConfigYaml function is verified to reject any input containing key material.

LLM Redaction

When AI reasoning is enabled, all API responses are stripped of sensitive data before being sent to the LLM provider:
  • API keys and tokens
  • Bearer tokens and JWTs
  • Connection strings
  • Credentials in any format
The redaction layer runs automatically. You don’t configure it — it’s always on when AI features are used.

SSRF Protection

Dino validates every endpoint before connecting. The SSRF guard blocks:
RangeWhat it blocks
Private networks10.x.x.x, 172.16-31.x.x, 192.168.x.x
Loopback127.x.x.x, ::1
Link-local169.254.x.x, fe80::
TEST-NET192.0.2.x, 198.51.100.x, 203.0.113.x
Class E240.x.x.x+
DNS rebindingRuntime DNS validation before every HTTP request
We found and fixed 7 SSRF vulnerabilities in our own security audit (issues #855-#859, #871, #874). The fixes include IP range blocking, DNS rebinding prevention, and runtime DNS validation on every outbound request.

Supply Chain Security

CheckWhat it does
npm provenancePackage origin verified on publish
Aikido SecurityAutomated vulnerability scanning on every PR
eslint-plugin-securityStatic analysis for common security patterns
SBOM generationSoftware bill of materials via CycloneDX
npm auditDependency vulnerability check in CI
SonarQubeCustom quality gate with 395+ rules
Secrets scanningAutomated detection of leaked credentials

Executable Configs Blocked

Only YAML and JSON config files are loaded. .js, .ts, .cjs, .mjs configs are rejected. This prevents code injection through config file supply chain attacks.

Tenant Isolation

Multi-tenant architecture with strict boundaries:
  • Each tenant has its own config file (tenants/<id>.yml)
  • No cross-tenant data access
  • Tenant credentials never appear in shared config or output
  • Scan results are scoped to the requesting tenant

CI Security

13 automated checks run on every PR:
  • Enforcement integrity verification (HMAC-SHA256 checksums)
  • Protected file gate (CODEOWNERS-enforced)
  • Secrets scanning
  • SonarQube analysis with custom quality gate
  • Dependency audit
See Compliance for our SOC 2 and GDPR posture.