Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[] Security notice about projects hosted on GitHub and using codecov

(cross-posted to cbi-dev)

Dear committers,

The codecov github app has recently issued a security notice You can also read about it on Ars Technica 

If you host some code of your eclipse project at GitHub and use codecov in any CI environment (Jenkins, Github actions, Circle CI, ...), we ask you to carefully read the above security notice.

The recommended action is re-roll all of your credentials, tokens, or keys located in the environment variables in your CI processes that used one of Codecov’s Bash Uploaders.

If you have any doubt, questions or need assistance with this, feel free to either reach out to webmaster@xxxxxxxxxxxreleng-team@xxxxxxxxxxxxxxxxxxxxxx or open a ticket at 


Mikaël Barbero 
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

Attachment: signature.asc
Description: Message signed with OpenPGP

Back to the top