Travis CI is GDPR- and Privacy Shield-compliant, meeting the strictest data protection standards to minimize risk to your data and build artifacts.
Travis CI uses OAuth tokens for read-only access to repository data and write permissions to set up SSH keys, configure service hooks, and update build statuses.
Every job runs in an isolated virtual machine or container to prevent interference between concurrent builds.
Travis CI deploys in geographically diverse areas, with redundant facilities, to guarantee that your build history and artifacts are always securely held and accessible. We encrypt all data in transit with SSL/TLS.
Every virtualized build is destroyed after completion, and each new build begins with a fresh image for absolute guarantees against residual data.
Our mandatory automated process scans all raw job files using Trivy and detect-secrets to identify unmasked secrets, hide the offending credential, and produce a log scan report with the context your team needs to remediate.
Securely manage your credentials and keys for CI/CD builds with a new vault node and as little as additional lines of YAML in your .travis.yml file.
Leverage our CLI tooling to make confidential data or files in your jobs readable only by Travis CI.
Leverage Cosign (part of the Sigstore project) to sign container images or artifacts to confirm their origin wherever they are pulled and deployed.
When connecting to your VCS provider, like GitHub or Assembla, you stay in full control of how your OAuth tokens are used to read repository data and edit builds for new commits.
Control onboarding for new team members or contractors using Travis CI’s rich privilege limitation dashboard, ensuring only essential personnel can view secrets in pipeline configurations or custom debug output.
Generate a Software Bill of Materials for every build to automatically conform to your software supply chain policies. Then, easily and automatically upload the bill to any of the dozens of supported deployment providers.
We make our data security policies and partnerships readily available for verification.
For all other questions, please contact us.
Please contact our compliance team at compliance@idera.com.