TigerGraph provides a comprehensive set of security features, including authentication, access control, and encryption to secure your data and communication.
Secured and encrypted communication
Audit logs for privileged user actions
TigerGraph Server meets the following security compliance standards as certified by third-party audits:
TigerGraph leverages best-of-breed tools to periodically and proactively scan source code, application runtime, and infrastructure to identify security vulnerabilities:
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Operating System (OS) Level Vulnerability Scanning
Network Vulnerability Scanning
TigerGraph Server download packages are signed with our PGP key. This ensures the authenticity and integrity of the download package.
Key ID: 413D1F12
Fingerprint: E20D 2B61 FB38 57D4 3B8E B321 67BD 323E 413D 1F12
You can also find our key on https://pgp.mit.edu.
UDF file scanning
Not available in TigerGraph 3.6 LTS. Available in TigerGraph 3.9+.
TigerGraph users can upload user-defined function (UDF) files to the server and run them as part of a query or loading job. In order to prevent security issues with code execution, TigerGraph Server disables this ability by default and requires it to be enabled manually by an administrator.
In addition, the UDF files are scanned to make sure they comply with the file policy. The scanning process, by default, consists of three parts.
The file scanning policy is controlled by GSQL.UDF.Policy.Enable, which defaults to true. For more information, see the Configuration Parameters page.
Disabled macros with replacement
Macros with replacement are not allowed, for example #define TABLE_SIZE 100.
However, macros without replacement can still be used, such as
File header allowlist
Only the headers present in the allowlist can be included in UDF files. UDF files with different headers will not be accepted. The list is case-sensitive.
[ "stdlib.h", "string", "tuple", "vector", "list", "deque", "arrays", "forward_list", "queue", "priority_queue", "stack", "set", "multiset", "map", "multimap", "unordered_set", "unordered_multiset", "unordered_map", "unordered_multimap", "iterator", "sstream", "algorithm", "math.h" ]
This is customizable with the
tg_ExprUtil.hpp are always allowed, and do not need to be declared in the allowlist.
TigerGraph also has a non-modifiable blocklist that prevents certain C++ features from being used. For security reasons, this list is not publicly available. Contact firstname.lastname@example.org for more details about the blocklist policy.
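A pre-upload lint for the two documented checks (macros with replacement and the default header allowlist), as an added example that is not TigerGraph's scanner or code from this page. The function names, the sample UDF, and the choice to treat any text after a macro name (including function-like macros) as a replacement are assumptions; the server-side scan, including the non-public blocklist, remains authoritative.

```python
import re

# Default allowlist exactly as listed on this page (matching is case-sensitive).
DEFAULT_ALLOWLIST = frozenset("""stdlib.h string tuple vector list deque arrays
forward_list queue priority_queue stack set multiset map multimap unordered_set
unordered_multiset unordered_map unordered_multimap iterator sstream algorithm
math.h""".split())
ALWAYS_ALLOWED = frozenset({"tg_ExprUtil.hpp"})  # named on the page as always allowed

INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]')
DEFINE_RE = re.compile(r'^\s*#\s*define\s+\w+(.*)$')  # group 1 = text after the name

SAMPLE_UDF = '''\
#include <vector>
#include <Vector>
#include "tg_ExprUtil.hpp"
#include <fstream>
// #include <thread>
#define UDF_GUARD
#define TABLE_SIZE 100
#define LONG_MACRO \\
    42
'''  # constructed sample input, not a real UDF

def strip_comments(src):
    """Blank out /* */ and // comments, keeping line numbers stable.
    Simplification: string literals are not parsed."""
    src = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group()), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan_udf(source, allowlist=DEFAULT_ALLOWLIST):
    """Return (line_number, message) findings for the two documented rules."""
    findings, lines = [], strip_comments(source).split("\n")
    i = 0
    while i < len(lines):
        start, logical = i + 1, lines[i]
        while logical.endswith("\\") and i + 1 < len(lines):  # join continuations
            i += 1
            logical = logical[:-1] + " " + lines[i]
        i += 1
        inc = INCLUDE_RE.match(logical)
        if inc and inc.group(1) not in set(allowlist) | ALWAYS_ALLOWED:
            findings.append((start, f"header not in allowlist: {inc.group(1)}"))
        dfn = DEFINE_RE.match(logical)
        if dfn and dfn.group(1).strip():
            findings.append((start, f"macro with replacement: {logical.strip()}"))
    return findings

if __name__ == "__main__":
    print(*scan_udf(SAMPLE_UDF), sep="\n")
```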