melvynkim
commented
7 years ago @larbyamirouche
Can you give us a complete list of our Devops people who should have an access to? Currently, at Slack#devops, there are 9 people involved with the discussions. Should I grant the permissions to all members under this channel?
solarvm
luckyluke317
Currently, only devops team need to have access to codeship CI system.
How it can be dangerous?
Attacker can oversee any tokens or logs of build. Attacker can delete project? Attacker can change build type from docker powered to basic - and deploy ruined.