Is there a plan to *stop* Travis requesting read / write access on login?

At the moment have oauth scopes that require read / write access to all repos which is a risky thing to give to a third party. worked without this scope.

Is there a plan and timeline to remove this scope from


Yes. We will be moving to integration via GitHub Apps, which provides more granular permissions. See

FYI, the “Set up your open source project now” button on leads people into this “risky” situation.

It seems like that link should direct to until the open source permissions are fixed on

To clarify…if you want to “set up your open source project now”, consider NOT clicking the “Set up your open source project now” button, because it takes you to which requests read/write permissions for ALL repos in your github account. Instead, consider going to sign up at

1 Like

Any updates on this? still requires GitHub “Third Party Access” with access to all my private repos to operate.

1 Like

Polite bump for an update here. The sign-in permissions should not need write access. This is not very clear on sign-in, and some users are granting this write permission without understanding what they’re doing.

1 Like

Hello, is there any ETA when will fix signup permissions? This is my first experience with travis but was very confused by those 2 domains and mostly that .org needed strict permissions but .com required access to all the code - read and write too.

This is probably big blocker for many people and organizations wanting to use Travis. Per project access to code is very important.

Cause looks like that you recommend people to use .com domain for everyone (public, private repos) but it’s much less secure in terms of granularity of permissions.


This is how it looks right now.

FWIW it hasn’t changed during the past year at all.

October 2018:

I’d advice to not grant authorization in current state.