Travis CI’s team has decades of combined experience in creating and maintaining security protocols in software development. We have worked to provide a reliable and well-priced solution to companies looking for a platform that exceeds security standards. Travis CI is trusted by more than 700,000 active users who have more than 300,000 active projects in development on our platform.
No single security measure is bulletproof. While Travis CI works to ensure our clients are as protected as possible, every organization needs to be continuously vigilant with its security practices to prevent potential security breaches.
Our platform masks secrets configured for build jobs so that they do not appear in plain text in the job log. Masking only covers values that were configured as secrets, however. If a threat actor gained access to the build logs, they could still search them for passwords, keys, tokens, and other proprietary information that reached the log by another route.
That’s why Travis CI also scans every build job log with independent scanners shortly after the build finishes. If the scan discovers a secret in the job log, our tools censor the entire line of the log and produce a log scan report. The report is available to repository administrators for seven days and provides a detailed breakdown of the raw job file, including potential secret entries. This enables developers to investigate the finding and trace the source of any potential leak.
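As an added illustration of the two stages described above (this is example code, not Travis CI's own scanner, whose patterns and report format are not published here), the following Python script first masks the values that were configured as secrets, then runs independent regular-expression detectors over every line, censors the whole line on a hit, and builds a report for administrators. The log lines, secret values, pattern set and the `[secure]` mask string are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Detector patterns. Constructed for this example; a production scanner ships
# many more, tuned to specific credential formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bauthorization:\s*bearer\s+[A-Za-z0-9._\-]{20,}"),
    # Value class deliberately excludes '[' so an already-masked "[secure]"
    # placeholder is not reported as a new finding.
    "generic_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api_key)\s*[=:]\s*[A-Za-z0-9_\-./+=]{8,}"
    ),
}

MASK = "[secure]"  # placeholder chosen for this example


@dataclass
class Finding:
    line_no: int   # 1-based line in the raw job log
    kind: str      # which detector fired
    original: str  # raw line, for the administrators' report


def mask_configured_secrets(line, secrets):
    """Stage 1: replace exact occurrences of known secret values (in-build masking)."""
    for value in secrets:
        if len(value) >= 4:  # very short values would over-mask ordinary text
            line = line.replace(value, MASK)
    return line


def scan_log(lines, configured_secrets=()):
    """Stage 2: post-build scan. Returns (censored_lines, findings).

    Anything the stage-1 mask did not know about (a key printed by a tool,
    a token echoed by a debug statement) is caught here, and the whole line
    is replaced rather than just the matched token.
    """
    censored, findings = [], []
    for no, raw in enumerate(lines, start=1):
        line = mask_configured_secrets(raw, configured_secrets)
        hit = next((kind for kind, pat in SECRET_PATTERNS.items() if pat.search(line)), None)
        if hit:
            findings.append(Finding(no, hit, raw))
            censored.append(f"[line {no} removed by log scanner: {hit}]")
        else:
            censored.append(line)
    return censored, findings


def build_report(findings):
    """Report for repository administrators: where and what kind of secret leaked."""
    return [f"line {f.line_no}: {f.kind} detected; raw: {f.original}" for f in findings]


# Constructed sample job log. The AWS key is the documented placeholder value.
CONFIGURED_SECRETS = ["s3cr3t-pass-1234"]
SAMPLE_LOG = [
    '$ echo "deploying to staging"',
    "deploying to staging",
    "$ ./deploy.sh --db-password=s3cr3t-pass-1234",       # configured: masked in stage 1
    "DEBUG: aws_access_key_id = AKIAIOSFODNN7EXAMPLE",    # not configured: caught in stage 2
    "DEBUG: GITHUB_TOKEN=ghp_A1b2C3d4A1b2C3d4A1b2C3d4A1b2C3d4xyzw",
    "Build finished: 3 tests passed",
]

if __name__ == "__main__":
    censored_log, found = scan_log(SAMPLE_LOG, CONFIGURED_SECRETS)
    print("\n".join(censored_log))
    print("--- report ---")
    print("\n".join(build_report(found)))
```

Running it prints the censored log (the configured password appears as `[secure]`, and the two lines carrying an unconfigured AWS key and GitHub token are replaced wholesale) followed by a two-entry report naming the raw lines for follow-up.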
Travis CI lets clients place an encrypted string in their build definition file; the platform decrypts it at build time with keys it holds internally. Some of our clients, however, prefer to keep confidential information in a central key management system (KMS), because it lets them rotate secrets quickly.
To support that, Travis CI now provides an easy way to integrate with HashiCorp Vault. Clients could already use HashiCorp Vault by scripting the calls in their build definitions; they can now do so through dedicated .travis.yml syntax.
Travis CI now allows users to digitally sign their software before releasing it, using the cosign tool from the Sigstore project. A signature lets the receiver verify that the software has not been tampered with since it was signed and that it comes from the expected source before installing it. Customers can sign on either the client side or the server side.
Build job logs often contain supplementary information such as environment variable names and values, as well as custom debug output, any of which may expose secrets such as credentials and tokens.
To protect this information, Travis CI lets administrators restrict who can access job logs, so that only the people who need them can view them.
Under Travis CI’s default settings, build job logs older than 365 days are not available to anyone. Administrators can change this setting to allow access to those logs through authenticated API requests, and can enable or disable that access for the group of repository collaborators with write access. Administrators can also restrict access to all build job logs, regardless of age, to users with write/push access only.
Retrieving a job log through the API requires an API authentication token, for public as well as private repositories. In addition, job logs requested through the API are delivered only through the API. This helps prevent confidential information from leaking through historical data.