codecov
Safeguard articles tagged "codecov" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Anatomy of the Codecov Bash Uploader compromise
A single altered line in Codecov's Bash Uploader ran undetected for 65 days, siphoning CI secrets from thousands of pipelines before anyone noticed.
Lessons from the Codecov Breach: When Your CI Secrets Walk Out the Door
For two months in 2021, Codecov's Bash Uploader quietly exfiltrated CI environment variables. Here is how a single trusted script became a mass credential-harvesting operation.
Codecov Bash Uploader 2021: A Supply Chain Retrospective
The Codecov bash uploader compromise was the quiet supply chain attack that exposed how CI secrets flow through every customer's pipeline. A five-year look back.
Codecov Bash Uploader Compromise: A Supply Chain Attack on CI/CD
Attackers modified Codecov's bash uploader script to steal environment variables from CI pipelines. Thousands of repositories were exposed for two months.
Codecov Bash Uploader Compromise: A Retrospective
A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.