Travis, Organizations and Private Repos

Hi, 

I’m working on an opensource project owned by an organization (Microsemi/switchtec-user). I’d really like to get travis-ci.org enabled for this repository but the people in the organization’s IT department who maintain control over it obstinately refuse to turn it on. They are worried that even logging into Travis will give Travis access to their github account or provide a third-party access to their other private repos and data.

All evidence I can find says that this is not the case and enabling a travis-ci.org account does not risk account credentials or private data. However, it would be great if someone can give me an official answer which I can point to on what risks there are (if any) to their private repositories when using a third party service.

Thanks,

Logan

Does this help? https://billing.travis-ci.com/pages/security#how-does-travis-access-my-github-account

Thanks, but that applies to travis-ci.com and not travis-ci.org (the open source version). When you use travis-ci.com you do give a third party access to your private data and the document you link to essentially says they can look at your data but won’t do so unless you ask them to.

1 Like