Secure transfer of source code

ICT Institute often receives source code and other files for analysis. If you are working with us and want to send us code, these are the guidelines.

Collecting source code

We typically analyze the latest production version or the current development version. Please check out the right version to a separate folder.

Deleting unneeded files

In some cases, source code repositories contain large data files. This makes the zip files extremely large and difficult to handle. If the file size is more than one Gigabyte, it is likely that it includes data files that are not source code and can be deleted. Look for images, video files, .data or for .pack. You can use commands like “find . -name “*.pack” -type f -delete” to automatically delete all such files in a folder.

Note that you do not have to delete all unneeded files. Text files are often small and can be left in. Our analysis tools will ignore these automatically.

Sending the output

If you have a good password generation tool installed, you can password protect the folder/ZIP-file and share this password with us by text message or over the phone. You can upload the file securely via our WeTransfer portal on ictinstitute.wetransfer.com.

We use this portal as well to send you documents securely. You will receive a link, which allows you to download the content from our portal.

What we do with your code

We use your code only for the agreed purpose. So if we agreed we to analyze your code for security advice, we will do exactly that. Nothing more, nothing less. For some projects we work with explicit non-disclosure agreements. Even if these have not been agreed, we always take reasonable care to prevent security breaches on a best effort basis.


Voor de Nederlandse versie van deze pagina, volg deze link.