Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months

Anonymous Coward

> an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.

I guess this means a developer copied a secret key to the Docker image during development and they didn't use key-file detection software as a final step before release. Like Boeing leaving tools in the aircraft body.


Biting the hand that feeds IT © 1998–2021