Security News > 2021 > June > CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach.
CodeCov, a little-known startup considered the vendor of choice for measuring code coverage in the tech industry, has shipped an entirely new Uploader using NodeJS to replace the Bash Uploader dev tool that was compromised in a recent software supply chain attack.
"We initiated this project because, as usage of Codecov has grown and our development velocity has increased, the Bash Uploader has become increasingly complex to properly maintain," CodeCov said.
"To combat this incident from a product perspective we initially provided better documentation on how to verify the Codecov Bash Uploader until our new Uploader was complete, but our ultimate long-term goal has always been to replace the Bash Uploader altogether," the company said in a blog post.
The CodeCov supply chain hack occurred in January 2021 but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021.
Separately, enterprise security vendor Rapid7 says an unauthorized third party accessed source code and customer data during the Codecov supply chain breach.