Reply to post:

Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months

A random security guy Bronze badge

The usual answer I get from developers is: How will anyone even know I have a key hidden in the binary? You can't expect them to run the software through a filter. I have one case where the key is compiled into the firmware and is present in the source code in GitHub but doesn't use GitHub secrets.


Biting the hand that feeds IT © 1998–2021