Summary: On April 1, 2021, the Codecov team was alerted to a security event involving our Bash Uploader. The threat actor specifically targeted the Codecov Bash Uploader and used it to deliver a malicious payload to all Codecov users utilizing the Bash Uploader, the Codecov GitHub Action, the Codecov CircleCI Orb, and the Codecov Bitrise Step (collectively, the “Bash Uploaders”). The team immediate
![Post-Mortem / Root Cause Analysis (April 2021) - Codecov](https://cdn-ak-scissors.b.st-hatena.com/image/square/4a1e2a205a57b1859f256c1185d138050e19b041/height=288;version=1;width=512/https%3A%2F%2Fabout.codecov.io%2Fwp-content%2Fuploads%2F2022%2F04%2F0433_SocialCard_LinkedIn-100-1.jpg)