If a team member uses a personal token with Travis and the personal token can ac... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nstart on Dec 8, 2022 \| parent \| context \| favorite \| on: Tell HN: Travis CI is seemingly compromised (once ... If a team member uses a personal token with Travis and the personal token can access private org repos, there’s a chance this can trigger.

jghn on Dec 8, 2022 [–]

Absolutely. I hadn’t seen anything yet that was a smoking gun pointing at Travis. While it’s a likely candidate I wanted to voice that it might be another vector

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact