{{build.link}} lacks security (authentication)


So I’ve setup the plugins/slack integration successfully, to notify upon build statuses. I’ve included the {{build.link}} interpolation for templating.

The link isn’t protected?
ie. drone.company.com/$USER/$APP/$BUILD_ID
And basically all $BUILD_IDs are visible.

Where as the other routes as the whole path up until $BUILD_ID is protected

Is there a configuration to prevent this?


A repository in Drone inherits its visibility from source control management (e.g. github). If the repository is public in github (or more specifically, private != true) then it is publicly visible in Drone by default. You can override the default visibility in the repository settings in Drone and change to internal (any authenticated user can view) or private (only collaborators can view).

You can see a screenshot below of what it looks like when you visit a repository that is private and you are not authenticated.



Ahhh, that makes sense :man_facepalming:t4:

Thank you so much :hugs: