Bash Uploader Identity-based compromise


Gavin Hindman

Apr 15, 2021, 12:34:34 PM
to ossf-wg-developer-identity
Another identity-based supply chain attack for review:

"On Thursday, April 1, 2021, we learned that someone had gained unauthorized access to our Bash Uploader script and modified it without our permission. The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script."

