The code you deploy is in read-only images, it can't be modified after the build hook has completed (unless you set up mounts).
Access to a project can happen through SSH (with key-based authentication) and the Console, you can also set up multifactor authentication (MFA).
Security-Enhanced Linux (SELinux) is used for all environments along with other custom intrusion detection systems, monitoring and alerting tools.
For more information on this feature, please see the following page in the Platform.sh documentation: