Travis CI changelog
Travis CI changelog

Active scanning and censoring post-job build logs




Travis CI introduces additional security scans of build job logs. The scan is mandatory and meant to improve protection against accidentally or maliciously leaked secrets. Scan process is executed shortly after the build job is completed.

If the scan process finds a secret-like pattern:

  • the respective job log line will be censored with asterisks (line numbers do refer to a raw job log line numbers)
  • graphic indicator of the log scan failing will be visible in the repository page and the dashboard until either repository administrator reviews it or 7 days elapse; only repository administrators do have access to the report details

Read more:

Xcode 14.2 available




Xcode 14.2 (14C18) is now available. Just add the tag osx_image: xcode14.2 to run your jobs on this version.

Securely Signing Software with Travis CI




Travis CI enables software developers to securely sign software artifacts as a part of a build job using a cosign tool and a key.

This release allows Travis CI users to:

  • Upload a dedicated SSH key to Travis CI or use existing Hashicorp Vault KMS integration to obtain a key
  • Use the key within a build job to sign a file or container image, which is built as a result of preceding CI steps

Read More:

Xcode 14.1 released




Xcode 14.1 (14B47b) build environment is now available. You may utilize this version right now using the tag osx_image: xcode14.1.

Xcode 14.0.1 available




Now running on macOS 12.6, the Xcode 14.0.1 (14A400) build environment is now available under the tag osx_image: xcode14. Some tools were updated like Fastlane to version 2.210.1, CocoaPods to ver. 1.11.3 and SwiftLint to 0.49.1

Changes in job logs availability




We are introducing new functionalities to increase control over the build’s job logs:

  • Enable/disable access to old build job logs
  • Limit access to build’s job logs

Job logs requested via API are now provided only via API, no redirections to the storage.

These new features provide a certain level of control over the availability of publicly visible Travis CI build job logs to the repository owners.

Read More:

Hashicorp Vault integration available




Travis CI users now can connect Hashicorp Vault with Travis CI. Secrets/configuration may be pulled into CI job from Hashicorp Vault instance instead of storing these permanently at Travis CI native mechanisms. This feature aims to support security policies of teams, who want to maintain easy and full control over secrets via their own Key Management System.

In order to use the feature, a Travis CI user has to:

In your .travis.yml you can now use following convenience hooks:

    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
    - ns1/project_id/secret_key_a #path to a secret in Vault KV engine

If using this feature, please consider creating a dedicated CI/CD account in Hashicorp Vault with access only to secrets (credentials) or configuration entries required by the CI/CD pipeline. This will help limit security related risks.

Read more:

Build environment: Ubuntu Jammy Jellyfish 22.04




The Ubuntu Jammy Jellyfish 22.04 environment is available using:

os: linux   #optional
dist: jammy

You can learn more about it in our blog post and documentation.

Ghost builds issue update




We had to rollback the constraint of not running builds for commits with a commit date older than several days. It was an attempt to work around the 'ghost build issue' (build is not triggered when it's requested, but all of sudden after some longer time), yet made more harm than help. This means 'ghost builds' may now reappear from time to time.

Xcode 13.4.1 available




The Xcode 13.4.1 (13F100) build environment is available via the tag osx_image: xcode13.4, now running on macOS 12.4 (21F79). Some tools were updated like CocoaPods to version 1.11.3, Fastlane to 2.206.2, and SwiftLint to 0.47.1. Ruby was also updated to ver. 2.7.6 and Java to