by patio11 3963 days ago
how do you trust the hosted CI company not to look at your code?

Contracts, not firewalls, make the world go round.

2 comments

Can't upvote this hard enough. It's a classic conceit of secops people that they are the only line of defence against unscrupulous behaviour. Systemic pathologies follow from this misbelief.

cf. also: "Enterprise Architects", a group of people who think building IT systems qualifies you to redesign an entire organisation.

To be fair, a contract does not guarantee the security framework of the company you are contracting, which means your code is only as safe as their weakest link.

Which is why contracts include things like right-to-audit, so you can verify for yourself.