Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,368,486
Community Members
 
Community Events
168
Community Groups

CodeCov has been breached. Do you know if Confluence is impacted?

Hi guys - Atlassian is named as a user of the CodeCov tool.

https://therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/ 

 

Do you know yet if Atlassian's products have been impacted and whether we should be concerned about the integrity or security of data we have online in Confluence or Jira?

 

 

2 answers

1 accepted

4 votes
Answer accepted

Codecov is not used as part of the products, but it is used to check coverage on some of their code bases.

So, no, my understanding is that your data is not at risk of exposure, as it's a step away from where the security hole is.  But Atlassian data about us might be.

I think this is one that Atlassian should answer, as they'll know exactly where they might have been clobbered - I've asked them to have a look.

Thanks Nic - I wasn't sure who to contact.

Frankly, nor am I. 

I have been here a while, so I've picked up some of the names to ask for some problems, but not this one.  I'm sure someone will see us soon (fwiw, my label flag is not the only "escalation"(

1 vote
Daniel Eads Atlassian Team May 06, 2021

Hi Trevor,

Check out our official response here: Atlassian's Response to the Codecov Breach 

Cheers,
Daniel

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events