@codecov Hi Codecov how do I delete my account? The option to contact support takes me to a Zendesk page that I have no account for--trying to create one fails and trying to login with any of the Codecov credentials fails. Password reset does not work.
14
Just as I'd talked myself out of building something to take the place of Codecov in my stack, they go and brick every CI job that uploads a report. They've lost access to their keybase, and none of the actions have verifiable GPG signatures any more. Fun. Maybe...?
1
436
XZ Utils. Codecov. SolarWinds. Every major supply chain attack follows the same question after: "What were your components at the time of the incident?" If your answer is a spreadsheet, you don't have an answer. cbomcompliance.com issues a cryptographically signed receipt at capture time. Timestamped. Verifiable. Permanent. cbomcompliance.com #SBOM #SupplyChainSecurity

29
Welcome to the @harnessio team, @codecov! As AI accelerates software development, trusted testing and coverage signals are becoming more critical than ever for teams shipping code with confidence. Massive credit to the Codecov engineers joining us — they built a product thousands of teams rely on every day, and we’re excited to keep building on that foundation together.
@Codecov is now part of @Harnessio. 🎉 Agents are writing more code than your team can review. Coverage is one of the only signals that still tells the truth about what's tested — and it belongs in the delivery pipeline. Now it's there. bit.ly/4dJfmFp
4
491
Big news. Codecov has a new home at Harness. Here's the part you are probably looking for. harness.io/press-and-news/ha…
1
3
699
@Codecov is now part of @Harnessio. 🎉 Agents are writing more code than your team can review. Coverage is one of the only signals that still tells the truth about what's tested — and it belongs in the delivery pipeline. Now it's there. bit.ly/4dJfmFp
1
2
6
832
May 30
Github student developer pack benefits: ➜ GitHub Pro ➜ GitHub Copilot Pro ➜ GitHub Codespaces ➜ GitHub Pages ➜ GitHub Desktop ➜ GitHub Campus Experts ➜ GitHub Foundations Certification Resources ➜ DigitalOcean ($200 Credits) ➜ Microsoft Azure ($100 Credits) ➜ Microsoft Azure (Ages 13–17) ➜ Appwrite Education Plan ➜ Heroku Credits ➜ Camber Student Plan ➜ LocalStack Pro ➜ New Relic ➜ Datadog Pro ➜ CARTO ➜ Zyte Scrapy Cloud ➜ Namecheap Free .me Domain ➜ Namecheap Free SSL Certificate ➜ Name.com Free Domain ➜ .TECH Domain (1 Year Free) ➜ JetBrains All Products Pack ➜ Visual Studio Code Learning Packs ➜ Visual Studio Dev Essentials ➜ Bootstrap Studio ➜ BrowserStack ➜ LambdaTest ➜ GitKraken Student Plan ➜ GitLens Student Plan ➜ Tower Pro ➜ SQLGate ➜ Working Copy Pro ➜ Termius Pro ➜ Testmail Essential ➜ Requestly Professional ➜ Codecov ➜ CodeScene ➜ DeepScan ➜ Imgbot ➜ Travis CI ➜ Blackfire ➜ POEditor ➜ PopSQL ➜ ToDiagram Pro ➜ ConfigCat ➜ DevCycle ➜ Doppler Team ➜ Clerk Pro ➜ Sentry ➜ Pageclip ➜ MongoDB Atlas Credits ➜ Stripe Fee Waiver ➜ Mail Testing APIs ➜ Blockchair APIs ➜ Vaadin Pro ➜ Adafruit IO ➜ Arduino Cloud ➜ Simple Analytics ➜ Frontend Masters ➜ Educative ➜ DataCamp ➜ Boot.dev ➜ Scrimba Pro ➜ Codédex Club ➜ GoRails ➜ SymfonyCasts ➜ Interview Cake ➜ AlgoExpert ➜ AI Prompting & Technical Writing Resources ➜ Intro to Open Source Resources ➜ Intro to Web Development Resources ➜ Mobile App Development Resources ➜ Data Science & Machine Learning Resources ➜ Notion Education AI ➜ Notion Template Collection ➜ Microsoft 365 Education ➜ PomoDone Lite ➜ HazeOver ➜ Visme Starter ➜ SlideCoach Credits ➜ 1Password (1 Year Free) ➜ Dashlane Premium ➜ Astra Security ➜ Honeybadger ➜ Datadog Monitoring ➜ IconScout Premium Assets ➜ Icons8 Subscription ➜ Polypane ➜ Xojo Pro ➜ Themeisle Neve Agency Theme ➜ Deepnote Team Plan ➜ Appfigures Analytics ➜ Camber Research Tools Grab your Student ID, claim the GitHub Student Developer Pack, and unlock thousands of dollars worth of premium 
developer tools for FREE! 🎓
1
2
185
My new toothbrush is bluetooth connected to a mobile app and it's basically codecov for your teeth
3
96
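indexion v0.16.0 - The plan command can now output lcov .info / coverage.xml (Cobertura). You can feed it straight into the Codecov / SonarQube / GitLab coverage views - spec vocabulary: detects terminology drift between specification and implementation as n:m mappings (KGF-based, cross-language support) github.com/trkbt10/indexion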
10
800
Now that along with synthetic patient data, we'll play a crucial role in their infection game. Evaluating Synthea: Comprehensive Analysis of a Leading Synthesized Medical Record Generator ohdsi.org/wp-content/uploads… A 1,162,848 person sample of Synthea data was generated using version 2.7 of the tool. The only parameter given at the time of generation was that the patients should all be modeled from the state of California. The sample was then converted to the Observational Medical Outcomes Partnership Common Data Model (CDM) using the ETL-Synthea R package version 1.0. General database characterizations were generated using the Achilles R package version 1.7. ETL-Synthea R Package A package supporting the conversion from Synthea CSV to OMOP CDM. github.com/ohdsi/ETL-Synthea Docs ohdsi.github.io/ETL-Synthea/ Achilles R Package Automated Characterization of Health Information at Large-scale Longitudinal Evidence Systems (ACHILLES) - descriptive statistics about a OMOP CDM database. github.com/ohdsi/Achilles Docs ohdsi.github.io/Achilles/ This will also be used for the merger aka BioDigital Convergence. Here's how we know synthetic gene integration for synthetic gene networks is crucial and a part of the foundation for the new upcoming system. Inferno HealthIT FHIR Gene Integration FHIR (Fast Healthcare Interoperability Resources) is being used to integrate synthetic gene data into clinical systems, enabling the standardization and interoperability of genomic information. The HL7 Clinical Genomics Work Group is developing standards for reporting structured genomic data using FHIR, which is crucial for accelerating the integration of precision medicine and making sense of genetic testing results in a complete clinical context. Synthea, a synthetic patient population simulator, outputs patient records in FHIR formats, generating realistic but not real patient data and associated health records. 
This data can be used to support the development and testing of health IT systems, including those that handle genomic data. Sync for Genes, a project launched in 2017, aims to standardize the sharing of genomic information among laboratories, providers, patients, and researchers. It advances the development and use of industry-supported standards for sharing and integrating genomic information, such as via FHIR. The project includes phases that demonstrate the exchange of genomic test results and the integration of genomic data generated by laboratories into clinical systems. The use of FHIR for genomics also facilitates pharmacogenomics by allowing healthcare providers to access detailed pharmacogenomic reports that guide medication selection and dosage based on a patient's genetic profile. FHIR is being utilized to standardize and simplify the exchange of clinical genomic data, allowing healthcare providers to efficiently integrate and analyze genetic information within EHRs, thereby enhancing personalized treatment plans and clinical decision-making. Genomics in FHIR The era of precision medicine-- an emerging approach for disease treatment and prevention that takes into account individual variability in genes, environment, and lifestyle for each person is upon us. hl7.org/fhir/genomics.html HealthIT (Inferno) Sync for Genes Sync for Genes, launched in 2017, aims to standardize the sharing of genomic information among laboratories, providers, patients, and researchers. The project advances the development and use of industry-supported standards for the sharing and integration of genomic information in a consistent and usable way. healthit.gov/topic/sync-gene… Synthetic Patient Population Simulator synthetichealth.github.io/sy… CodeCov app.codecov.io/gh/synthetich… SyntheaTM is a Synthetic Patient Population Simulator. The goal is to output synthetic, realistic (but not real), patient data and associated health records in a variety of formats. 
github.com/synthetichealth/s… Project Genome X - FHIR confluence.hl7.org/spaces/CO…

1
4
4
73
#DidYouKnow Recently, cybersecurity researchers uncovered details of the “Mini Shai-Hulud” malware campaign — a sophisticated attack that targeted software developers by hijacking trusted GitHub repositories. The incident highlighted how modern cyberattacks increasingly exploit the software supply chain instead of attacking users directly. “Shai-Hulud” is a reference to the giant sandworms from Frank Herbert’s Dune universe. The malware earned attention because it silently spread through compromised developer environments, much like a hidden predator beneath the sand. The attackers reportedly targeted developer tokens, credentials, and repository access. Once compromised, malicious code could be inserted into legitimate projects, potentially affecting thousands of downstream users. This is what makes supply-chain attacks so dangerous. Unlike traditional malware that spreads through suspicious downloads, supply-chain malware hides inside software people already trust. Developers may unknowingly install infected dependencies, libraries, or updates from legitimate-looking sources. The attack reminded organizations of earlier incidents like: - SolarWinds - Codecov - 3CX supply-chain compromise All showed a harsh reality: even trusted software ecosystems can become attack vectors. Researchers emphasized the importance of: - Multi-factor authentication - Secure token storage - Dependency verification - Signed commits and releases - Continuous monitoring of repositories Small security gaps in developer workflows can have massive impact. One major lesson from the Mini Shai-Hulud incident: Cybersecurity is no longer only about protecting endpoints — it’s about protecting the entire software development lifecycle. From code commit → CI/CD → deployment. As open-source software powers much of the internet, attacks targeting developers and repositories are expected to rise further in the coming years. 
Security experts now call software supply-chain security one of the biggest cyber challenges of the decade. The Mini Shai-Hulud malware campaign became another warning that trust itself can be weaponized in cyberspace. In cybersecurity, even a tiny hidden change in code can ripple across the world. Follow, share, like and click on 🔔 icon for more stories #OnThisDay.
3
4
266
Umm...hello? codecov bot just commented on a 4 year old merged PR! WOW! 🤦‍♂️
2
160
Real hacks caused by just a bad Dockerfile. Buckle up Codecov, 2021 - attacker pulled a GCP HMAC key out of an intermediate layer of their public Docker image. One leaked credential → 2 months of silent CI pilfering → Twilio, HashiCorp, Rapid7, ~29k customers affected. Root fix? Squashed/multi-stage builds. That's it. That's the tweet. Vine, 2016 - researcher found `docker.vineapp.com` publicly pullable, grabbed `vinewww`, and boom: entire source code, API keys, third-party secrets. Dude literally ran a Vine clone on his laptop. $10,080 bounty, fixed in 5 minutes. The spicy part nobody gets: `RUN rm .env` does NOT delete your secrets. Layers are immutable, fam. The .env lives forever one `docker history` away. RWTH Aachen scanned ~400k Dockerhub images → 9% leaking secrets. 52,107 private keys just chillin. Tldr most of this is caught by hadolint trivy dockle in your CI. 30 seconds of linting vs. a 3-month supply chain breach. Idk man, seems like a trade. moral of the story: your Dockerfile is production code. treat it like one enter droast - a Rust dockerfile linter that roasts bad practices instead of politely suggesting. 60 rules (and growing), catches exactly this kinda stuff: DF013 secrets in ENV, DF001 "latest" tags, DF021 curl | sh, DF034 chmod 777, etc install it with cargo or just "docker run" - zero setup, ships JSON/GitHub/compact output for CI → github.com/immanuwell/docker… lint your Dockerfile or become someone's post-mortem #docker #devops #kubernetes #backend #linux #rust #sre #containers
2
30
3,353
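An added example (not part of the post above, nor code from any tool it names) of the `RUN rm .env` point: a later layer only records a whiteout marker, so the merged filesystem hides the file while the earlier layer still ships it. The layers, file names and secret value below are constructed, the function names are hypothetical, and only single-file whiteouts are modelled.

```python
import io
import tarfile

def make_layer(files):
    """Build one image layer as an in-memory tar; files maps path -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def merged_view(layers):
    """Apply layers in order, honouring '.wh.<name>' whiteouts: what the container sees."""
    fs = {}
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for m in tar.getmembers():
                dirname, _, base = m.name.rpartition("/")
                if base.startswith(".wh."):
                    # A whiteout hides the file from the merged view only.
                    fs.pop((dirname + "/" if dirname else "") + base[4:], None)
                else:
                    fs[m.name] = tar.extractfile(m).read()
    return fs

def scan_layers(layers, needles=(b"SECRET", b"PRIVATE KEY")):
    """Inspect every layer on its own: what anyone who can pull the image sees."""
    hits = []
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for m in tar.getmembers():
                if m.isfile() and any(n in tar.extractfile(m).read() for n in needles):
                    hits.append((idx, m.name))
    return hits

# Constructed sample image: layer 0 is "COPY . /app", layer 1 is "RUN rm /app/.env".
LAYERS = [
    make_layer({"app/.env": b"API_SECRET=constructed-not-real\n",
                "app/main.py": b"print('hi')\n"}),
    make_layer({"app/.wh..env": b""}),
]

if __name__ == "__main__":
    print("merged view:", sorted(merged_view(LAYERS)))
    print("per-layer hits:", scan_layers(LAYERS))
```

A per-layer scan like this is the check to run in CI before pushing; a scan of the running container's filesystem would report the image as clean.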
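[Incident Response Guide] Practical response framework for the TeamPCP supply chain attack published. Endor Labs has published a response guide for the supply chain attack by TeamPCP. Having gone through the response process for this incident itself, the company provides a practical framework for investigation, remediation, and environment hardening. The TeamPCP attack evolved from the compromise of a GitHub Action in the Trivy repository into a multi-vector supply chain campaign in just six days. The impact extends to npm packages, Python libraries, container images, IDE extensions, and CI/CD pipelines, and thousands of organizations have been affected. The damage continues to spread: LiteLLM (3.6 million downloads per day), more than 60 npm packages via CanisterWorm, Checkmarx's KICS GitHub Actions, and dozens of tampered repositories have been affected, and a targeted wiper component has also been discovered. It all started with a single stolen token. The guide positions this incident as part of the evolution of supply chain attacks that runs from SolarWinds and Codecov, and points out that attacks are becoming faster, more automated, and harder to contain. The guide includes a concrete framework covering investigation, remediation, and prevention, making it a practical reference for organizations facing similar incidents. endorlabs.com/learn/a-practi…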

6
19
3,348