Case study

Case Study: The Codecov Bash Uploader Compromise

· 1 min read

publishing.

In 2021, attackers modified the widely-used Codecov Bash Uploader, a script countless CI pipelines curl | bash to upload coverage reports. The change was small and went undetected for months.

What happened

Why it was dangerous

What defenders learn

How Verifi finds secret-stealing behaviour →

Secrets in Packages, Leaked and Stolen
Software Supply-Chain Security 101
Known vs Novel Malware in Dependencies

Case Study: The Codecov Bash Uploader Compromise

What happened

Why it was dangerous

What defenders learn

Case Study: The event-stream Incident

Case Study: PyTorch / torchtriton Dependency Confusion