Your agents can finally write, run, and ship code in real isolation.Meet Tenki Sandbox
Thomas Sanlis
Arnar Þór Sveinsson
Daniel Donaldson
Jan Beck
Ayush Gharat

TRUSTED BY HUNDREDS OF TEAMS

Enterprise-grade security on every run.

Companies deploy faster with Tenki

SiyavulaBlockwareSiaUpsellCitreaOmnilensLayersOrynthLuxorNetmakerSiyavulaBlockwareSiaUpsellCitreaOmnilensLayersOrynthLuxorNetmaker

Compliance

Tenki is aligned with SOC 2 Type II
and ISO 27001 security practices.

SOC 2 Type II via Luxor Technology

Tenki is built on the same security controls and operational policies as Luxor's SOC 2 Type II certified platform. A Tenki SOC 2 report is currently in progress. Other reports from Luxor Technology are available under NDA upon request.

SOC 2 Attested Data Center

All Tenki compute runs in SOC 2-attested data-center facilities with physical access controls, environmental monitoring, and audit logging.

ISO 27001 Certified Data Center

All Tenki compute runs in ISO 27001-certified data-center facilities covering information-security management controls.

Ephemeral VM Isolation

Ensures isolation, strong security and clean execution environments.

99% SLA

Uptime SLA, contractually guaranteed and backed by credits.

Security Program

How we secure your builds,
end-to-end.

A SOC 2-aligned program covering audit attestation, a published threat model, and modern encryption for data at rest and in transit.

SOC 2 Type IITenki operates under parent company Luxor Technology's SOC 2 Type II program, refreshed annually against the AICPA Trust Services Criteria. Report available under NDA.
Tenki operates under the SOC 2 Type II program of its parent company, Luxor Technology, audited by an independent licensed CPA firm against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Reports are refreshed annually and made available to qualified prospects and customers under a mutual NDA. To request the latest report, email hello@tenki.cloud from a corporate domain and we will respond within two business days with the NDA and report bundle.
Threat modelSingle-tenant, ephemeral VMs isolate every job — fresh kernel, disk, and network.
Our threat model centers on protecting customer source code, build artifacts, and CI secrets from unauthorized access during workflow execution. Every job is provisioned to a single-tenant ephemeral virtual machine with a fresh kernel, fresh disk, and isolated network namespace, so jobs cannot inspect or interfere with other jobs. The runner is destroyed at the end of every workflow and job-time secrets never leave the VM boundary. We continuously evaluate risks across our supply chain, hypervisor, control plane, and customer integrations, and harden controls as the threat landscape evolves.
Encryption in transitTLS 1.2+ everywhere, with HSTS enforced and mutually authenticated internal traffic.
All traffic between your GitHub organization, the Tenki control plane, and our runners is encrypted using TLS 1.2 or higher with modern cipher suites and forward secrecy. Public endpoints enforce HSTS and reject downgraded connections, and internal service-to-service calls run over mutually authenticated TLS inside a private network.
Encryption at restAES-256 across storage, databases, and backups, with hardware-backed, rotated keys.
Customer data is encrypted at rest with AES-256 across object storage, databases, backups, and ephemeral runner volumes. Encryption keys are managed by our cloud provider’s hardware-backed key management service, rotated on a defined schedule, and access is restricted to a least-privileged subset of production engineers under audit logging. Customer-supplied secrets injected into workflows are encrypted at rest, decrypted only inside the runner VM at job start, and zeroized when the VM terminates.

Operations & Disclosure

Incident response, testing,
and responsible disclosure.

Documented operational practices for detecting, containing, and communicating security events — and a clear path for researchers to report them.

Incident response24/7 on-call rotation with a documented IR plan, severity tiers, and post-incident reviews.
Tenki maintains a documented incident-response plan with defined severity tiers, escalation paths, and a 24/7 on-call engineering rotation that triages and contains security events as they occur. Every incident is followed by a post-incident review that captures root cause, customer impact, and remediation actions, and the plan is exercised on a recurring basis to validate detection and response timing.
Notification SLAImpacted customers notified within 72 hours of a confirmed incident, with a written post-mortem to follow.
If a confirmed security incident materially affects your data or workflows, Tenki will notify impacted customers within 72 hours of confirmation through the security and billing contact emails on file. Initial notifications include what we know, what we do not yet know, and the immediate steps we are taking. A written post-mortem with remediation status follows once the investigation has closed.
Penetration testingIndependent third-party pen tests at least annually, plus continuous scanning and peer code review.
We engage independent security firms to perform third-party penetration tests of our application surface and underlying infrastructure on at least an annual cadence, supplemented by continuous internal vulnerability scanning, dependency review, and peer code review on every change. Findings are tracked to closure under defined service levels — critical and high-severity issues are remediated as a priority before the engagement is closed and a clean retest is issued. A summary letter from our most recent test is available to enterprise customers under NDA on request.
Vulnerability disclosureReport issues to security@tenki.cloud; we acknowledge valid reports within two business days.
We welcome reports from the security community. If you believe you have discovered a vulnerability in Tenki, email security@tenki.cloud with reproduction steps and any supporting artifacts. We acknowledge valid reports within two business days and, once an issue is confirmed, provide an expected remediation timeline — usually within ten business days, depending on severity and complexity. We credit researchers at their request once a fix has shipped. Please do not publicly disclose unfixed issues, perform testing that disrupts other customers, or attempt to access data that does not belong to you.

Connection Security

Least-privilege GitHub access.

Tenki requests only the GitHub permissions each app needs — nothing more.

Tenki ships as two separate GitHub Apps (Tenki Runner and Tenki Code Reviewer) that are installed independently, and each requests only the scopes it needs. Install one and you never grant the other’s permissions.

View the full permission table for each app

Testimonials

Don't believe us.
Believe them.

Tenki offers a nice alternative with minimal migration effort. The combination of improved performance and dramatic cost savings makes it worth serious consideration.... I don’t see the point of using GitHub-hosted runners anymore.

Thomas Sanlis

Thomas Sanlis

Indie Maker & Founder

organization logo

Really enjoying the experience with Tenki so far! It feels just like using GitHub Actions with their hosted-runners but only much more affordable. As a bootstrapped startup, the drop in our CI costs has been a huge boost for us!

Arnar Þór Sveinsson

Arnar Þór Sveinsson

Co-founder & CTO

organization logo

Been using Tenki for a month now and it's incredible. 2x faster than github and cheaper. But the winner has been excellent support from Hayssem and the team. Highly recommended!

Daniel Donaldson

Daniel Donaldson

SWE Manager

organization logo

We eat our own dogfood here at Luxor. The firmware team switched very early to Tenki to host our collaborative reverse-engineering tools. It's been 100% reliable.

Jan Beck

Jan Beck

Head of Firmware

organization logo

I switched my GitHub Actions to Tenki Cloud in just two minutes: no config changes, no friction. My builds now run faster and cost less thanks to Tenki’s bare metal runners. CI/CD finally feels fast, fair, and affordable.

Ayush Gharat

Ayush Gharat

Founder

organization logo

Switching to Tenki Cloud runners took seconds and they have been consistent, fast and reliable since day one. No hidden fees and no hassle.

Chris Zeuch

Chris Zeuch

Founder

organization logo

The transition to Tenki was almost imperceptible. Just a quick config change and everything worked right away. I’ve been using it daily ever since.

Jonatan Dutra

Jonatan Dutra

Software QA Engineer

I recently moved my CI/CD pipelines to Tenki Cloud, and the difference has been remarkable. Tenki truly feels built for developers, it's intuitive, transparent, and focused on performance rather than billing complexity.

Malik Anish

Malik Anish

Junior DevOps & Cloud Engineer

Tenki has been fantastic so far, super reliable and easy to use. I don’t have any feedback right now because everything just works, but I’ll definitely continue using it and recommend it to others.

Raphael Discky

Raphael Discky

Software Engineer

Migrating to Tenki was a breeze. It automatically opened a PR to migrate everything, and it just worked perfectly! My workflows have sped up by 2-3x!

BestCodes

BestCodes

Full-stack Developer

I love that Tenki runners are faster than the GitHub ubuntu-latest, and they are 1 million times faster than self-hosted ARC runners on my k3s cluster.

Sandro Marton

Sandro Marton

DevOps Engineer

I finally had the chance to dive into Tenki, and I’m really impressed. 🚀 The platform is clean, intuitive, and technically solid. Navigation feels seamless, performance is smooth, and the overall UX is highly optimized.

Riya Pathel

Riya Pathel

Frontend Developer

Tenki offers a nice alternative with minimal migration effort. The combination of improved performance and dramatic cost savings makes it worth serious consideration.... I don’t see the point of using GitHub-hosted runners anymore.

Thomas Sanlis

Thomas Sanlis

Indie Maker & Founder

organization logo

Really enjoying the experience with Tenki so far! It feels just like using GitHub Actions with their hosted-runners but only much more affordable. As a bootstrapped startup, the drop in our CI costs has been a huge boost for us!

Arnar Þór Sveinsson

Arnar Þór Sveinsson

Co-founder & CTO

organization logo

Been using Tenki for a month now and it's incredible. 2x faster than github and cheaper. But the winner has been excellent support from Hayssem and the team. Highly recommended!

Daniel Donaldson

Daniel Donaldson

SWE Manager

organization logo

We eat our own dogfood here at Luxor. The firmware team switched very early to Tenki to host our collaborative reverse-engineering tools. It's been 100% reliable.

Jan Beck

Jan Beck

Head of Firmware

organization logo

I switched my GitHub Actions to Tenki Cloud in just two minutes: no config changes, no friction. My builds now run faster and cost less thanks to Tenki’s bare metal runners. CI/CD finally feels fast, fair, and affordable.

Ayush Gharat

Ayush Gharat

Founder

organization logo

Switching to Tenki Cloud runners took seconds and they have been consistent, fast and reliable since day one. No hidden fees and no hassle.

Chris Zeuch

Chris Zeuch

Founder

organization logo

The transition to Tenki was almost imperceptible. Just a quick config change and everything worked right away. I’ve been using it daily ever since.

Jonatan Dutra

Jonatan Dutra

Software QA Engineer

I recently moved my CI/CD pipelines to Tenki Cloud, and the difference has been remarkable. Tenki truly feels built for developers, it's intuitive, transparent, and focused on performance rather than billing complexity.

Malik Anish

Malik Anish

Junior DevOps & Cloud Engineer

Tenki has been fantastic so far, super reliable and easy to use. I don’t have any feedback right now because everything just works, but I’ll definitely continue using it and recommend it to others.

Raphael Discky

Raphael Discky

Software Engineer

Migrating to Tenki was a breeze. It automatically opened a PR to migrate everything, and it just worked perfectly! My workflows have sped up by 2-3x!

BestCodes

BestCodes

Full-stack Developer

I love that Tenki runners are faster than the GitHub ubuntu-latest, and they are 1 million times faster than self-hosted ARC runners on my k3s cluster.

Sandro Marton

Sandro Marton

DevOps Engineer

I finally had the chance to dive into Tenki, and I’m really impressed. 🚀 The platform is clean, intuitive, and technically solid. Navigation feels seamless, performance is smooth, and the overall UX is highly optimized.

Riya Pathel

Riya Pathel

Frontend Developer

FAQs

Questions? Answered!

Have a question we haven't answered?
Reach out to hello@tenki.cloud