On January 31, 2021, an attacker exploited an error in Codecov's Docker image creation process to alter the company's Bash Uploader script — the widely used tool that sends code coverage data from CI pipelines back to Codecov's servers. The modified script quietly exfiltrated environment variables from every CI run that used it: tokens, keys, credentials, and secrets, sent to a third-party server outside Codecov's infrastructure. Codecov didn't discover the tampering until April 1, 2021, meaning the malicious script ran undetected for roughly 65 days across an unknown but large number of customer pipelines. HashiCorp, Confluent, Twilio, Rapid7, and other engineering organizations later confirmed exposure. The incident became one of the clearest examples of a build-tool supply chain attack: a single compromised script, fetched via curl | bash on every CI run, turned thousands of pipelines into credential-harvesting machines without a single line of application code being touched.
What happened in the Codecov Bash Uploader breach?
An attacker modified Codecov's Bash Uploader script to siphon CI environment variables to an external server. Codecov's Docker image build process had a misconfiguration that let the attacker extract credentials needed to alter the script stored in Codecov's GCS bucket. Once modified, the script — which customers were instructed to curl and pipe directly into bash inside their CI jobs — ran with whatever access the CI environment granted it: AWS keys, GitHub tokens, npm tokens, database credentials, and internal service secrets, depending on what each pipeline exposed. Because the script executed inside the customer's own CI environment rather than on Codecov's servers, standard perimeter defenses never saw it. The exfiltration point was a server the attacker controlled, separate from any Codecov-owned infrastructure, which is part of why the tampering went unnoticed for so long.
How did attackers access Codecov's Docker image creation process?
The attacker got in through a flaw in how Codecov created its Docker images, which exposed credentials that should have stayed private. Codecov's public post-incident disclosure described the root cause as an error in the image creation process that allowed the actor to obtain access sufficient to make periodic, unauthorized modifications to the Bash Uploader script. This wasn't a phishing attack or a stolen laptop — it was a build pipeline weakness on the vendor side that gave an outsider write access to a script tens of thousands of downstream CI jobs would blindly execute. That distinction matters: the victims here were not Codecov's direct infrastructure but every customer pipeline that pulled the uploader without verifying its integrity, which is exactly the shape of a modern software supply chain attack — compromise one upstream artifact, inherit trust across every consumer.
How long did the breach go undetected, and how was it discovered?
The malicious script sat in production for about 65 days, from January 31 to April 1, 2021, before a customer noticed a hash mismatch. Codecov's own disclosure credits detection to a customer who spotted a discrepancy between the published checksum and the actual Bash Uploader script running in their pipeline — not to internal monitoring. For more than two months, every CI job that curled the script was potentially leaking secrets to an attacker-controlled endpoint, and neither Codecov nor the vast majority of its customers had any indication anything was wrong. That two-month blind spot is the recurring theme in Bash-uploader-style attacks: because the script is fetched fresh at runtime and executed immediately, there's no artifact sitting on disk for a scanner to flag later — the compromise only leaves a trace in that moment's CI logs, which most teams don't retain or diff against a known-good baseline.
What data did the malicious script exfiltrate?
The script harvested any environment variable present in the CI run and sent it to a remote server, which in practice meant credentials for whatever systems that pipeline touched. Security teams that investigated their own exposure found the exfiltrated data could include cloud provider keys (AWS, GCP), source control tokens, container registry credentials, and internal API keys — essentially the keys to everything the CI job was trusted with. Because CI environments are typically granted broad access to deploy, publish packages, and pull from private repositories, a single leaked token could cascade into unauthorized commits, package publishes, or cloud resource access well beyond the original CI job. HashiCorp's response is a useful data point: out of caution, the company rotated its GPG signing key used to sign HashiCorp releases, even without direct evidence that key had been misused, because the CI environment where it lived had run the compromised uploader.
Which companies confirmed they were affected, and what did they do?
HashiCorp, Confluent, Twilio, Rapid7, and monday.com were among the companies that publicly confirmed running the compromised Bash Uploader and disclosed their remediation steps. HashiCorp rotated its GPG signing key on April 12, 2021, out of an abundance of caution given the scope of secrets potentially exposed. Confluent and Rapid7 published their own incident notes detailing credential rotation across affected pipelines. The common thread across every disclosure was the same triage sequence: identify every CI pipeline that had pulled the uploader during the 65-day window, enumerate every secret those pipelines could see, rotate all of them, and audit downstream systems for signs the credentials had already been used. For organizations with dozens of repositories and shared CI templates, that meant rotating secrets across systems that had nothing to do with code coverage in the first place — the blast radius of the compromise vastly exceeded the footprint of the tool itself.
What does the Codecov breach reveal about CI/CD supply chain risk?
It shows that a CI pipeline's trust boundary is only as strong as every third-party script it executes, and most teams have no inventory of what that includes. The Bash Uploader wasn't a dependency listed in a package.json or requirements.txt — it was a curl | bash line embedded directly in CI YAML, invisible to SCA tools, SBOM generators that only scan declared dependencies, and most vendor risk questionnaires. That's precisely the gap attackers exploit in build-tool and CI-script attacks: the artifact never touches a package registry, so it never shows up in a software bill of materials unless something is specifically watching CI configuration and runtime behavior. Five years on, the same pattern recurs in different forms — compromised GitHub Actions, poisoned npm postinstall scripts, tampered Docker base images — because CI environments remain high-trust, low-visibility territory for most security programs.
How Safeguard Helps
Safeguard treats CI/CD pipelines and third-party build scripts as first-class attack surface, not a blind spot outside the SBOM. Griffin AI continuously ingests SBOMs and CI configuration to flag unverified curl | bash patterns, unpinned script fetches, and third-party uploaders like Codecov's — the exact class of dependency that traditional SCA tools miss because it's never declared in a manifest. Reachability analysis distinguishes CI secrets and tokens that are actually exposed to a given pipeline step from those that are theoretically present but unreachable, so incident response teams can scope credential rotation precisely instead of rotating everything by default. When Safeguard detects a risky or tampered build script, it can open an auto-fix PR that pins the dependency to a verified hash or swaps it for a vetted alternative, closing the exact gap that let the Codecov compromise run undetected for 65 days.