Welcome to the community forum I’m happy to hear you’ve been using k6 for a while, I hope you are having a good experience so far
What license does K6 use?
You can find details on the k6 in k6/LICENSE.md at master · grafana/k6 · GitHub.
How secure is K6 in meaning of sending the request or handling the data? Does this only happen locally or in pipelines?
K6 is a tool that is designed to help you test the performance and load of your web applications. It does not inherently handle sensitive data or send requests to external servers. Instead, K6 sends HTTP requests to the URLs that you specify in your tests, and the responses are processed locally on your machine. K6 is designed to be a secure tool, but it is up to you to ensure that your tests and test environment are secure.
Any security advisories can be found in: Security Advisories · grafana/k6 · GitHub. At this moment we don’t have any known security vulnerabilities.
Is there a possibility of data being leaked?
K6 is a local testing tool, and as such, it does not store or transmit data to external servers. With one exception. We send some anonymous usage data, that you can disabled if pass the additional flag
--no-usage-report. The only data that is processed by K6 is the data that is generated by your tests, and this data is stored on your local machine. It is important to ensure that your local machine is secure, and that any data that is generated by your tests is handled appropriately.
Does K6 use my own internal network, or how is the network determined?
When you run K6 tests, the network traffic is generated from your local machine. The URLs that you specify in your tests determine the destination of the network traffic. K6 does not use your internal network or any other specific network, but rather sends HTTP requests to the specified URLs in your tests.
I hope this helps. Let me know if you have a follow-up question or anything is not clear