When we make a gravity tar file to be installed on premise, is it possible for someone to reverse engineer the tar and get access to our code and copy it?
The installer tarball is a regular tarball that does not offer protection on its own. Depending on the type of environment/language used to develop the application - it might be possible in the absence of any protection measures (i.e. python files even if only compiled packages are subject to reverse engineering unless encrypted or otherwise protected).
We do have encryption as an option for the user packages on the enterprise side so it is not possible to read/decrypt the packages w/o a key (for example, a user license).