CICI/CD News
LatestAuthorsGlossary
Tag

#codecov

Tagged “codecov”

1 article
Security & supply chain

The Codecov bash uploader is five years old, and the class of attack still lives in your pipeline

A retrospective on the January 2021 Codecov breach revisits how a single tampered line in the uploader turned tens of thousands of downstream CI environments into a secret exfiltration channel. The mechanism has not aged; the countermeasures are boring, and most pipelines still have not shipped them.

Jul 3, 2026 · Tomás Vega
CICI/CD News

Independent CI/CD & deployment news — concise, vendor-neutral takes on pipelines, releases and DevOps tooling.

Network

GitHub ActionsJenkinsGitHubCI/CD Glossary

About

Latest newsAuthorsRSS feedSitemapPowered by Buddy