Kind is a tool for running local Kubernetes clusters using Docker container “nodes”. Kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI, and in this use case we will be using Kind with Travis. Let’s learn how.
Hey folks, Droidcon 2022 is wrapped up and now it’s to share all the resources I provided the people who attended my keynote! First I’d like to thank the people who were genuinely in this integration and how to do it. This keynote seemed to clear a lot of questions up.
Sometimes you want to run unit tests that require credentials to AWS, you may not have those off hand, or may just want to run the unit tests in question without AWS. This allows you to run mock credentials for key AWS functionalities, let’s see how we can set this up in Travis.
Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy, let’s dig in a bit deeper and see how we can make this integrate with Travis CI.
On April 15, 2022, Travis CI personnel were informed that certain private customer repositories may have been accessed by an individual who used a man-in-the-middle 2FA attack, leveraging a third-party integration token. Immediately upon learning this information, Travis CI immediately revoked all authorization keys and tokens preventing any further access to our systems. No customer data was exposed and no further access was possible.
Upon further review that same day, Travis CI personnel learned that the hacker breached a Heroku service and accessed a private application OAuth key used to integrate the Heroku and Travis CI application. This key does not provide access to any Travis CI customer repositories or any Travis CI customer data. We thoroughly investigated this issue and found no evidence of intrusion into a private customer repository (i.e. source code) as the OAuth key stolen in the Heroku attack does not provide that type of access. Based on what we have found, we do not believe this is an issue or risk to our customers.
Given the data we had and out of an abundance of caution, Travis CI revoked and reissued all private customer auth keys and tokens integrating Travis CI with GitHub to ensure no customer data is compromised.
Please contact Travis CI customer support with any questions or concerns. We will continue to review and monitor.