Security

Fleet's serverless technology has been carefully designed to protect against attacks in a shared environment.

Fleet Function was designed to make it impossible for the code to leave the sandbox, it was designed at the beginning of the project. Running an environment like Node.js with all APIs could be a problem when the functions are executed in the same process, so some Nodejs APIs were limited in the context of the function to prevent the functions from leaving the sandbox.

Although these initial design decisions seem effective, we continue to add defense in depth, including techniques to stop attacks, creating additional layers of isolation between suspicious and high-value functions and other continued security improvements.

Infrastructure Security

Isolate instances can handle hundreds or thousands of requests and orchestrate hundreds of functions simultaneously. As part of our security process, suspicious functions are performed in separate instances of isolates and the same is true for paying functions that are performed separately from instances of the community.

Configuration and vulnerability analysis

The Fleet Function runs on top of the Node.js runtime. We are responsible for keeping Node.js updated and discontinuing versions no longer maintained by LTS.

If you use additional libraries with your function, you will be responsible for keeping them up to date.

Fleet Function discontinues versions of Node.js when the version is no longer maintained. You will be notified and responsible for migrating your functions to the compatible version.