PDF
Security firm Rapid7 has confirmed attackers have accessed a subset of its source code, which contained internal credentials and alert-related data, following an investigation launched after the Codecov supply chain attack.
Codecov, which provides tools to verify how well software tests cover code in development, announced the attack on April 15. Attackers had modified its Bash Uploader Script to export sensitive data, including credentials, software tokens, and keys, Codecov said. It advised clients to create a list of credentials that its software could access and consider them compromised.
Rapid7 launched an incident response process. It notes its use of the Bash Uploader script was limited; it had been deployed on a continuous integration server used to test and build internal tooling for its managed detection and response (MDR) service.