codecov / codecov-bash

Global coverage report uploader for Codecov
https://codecov.io
Apache License 2.0
234 stars 155 forks

Add checksum for env script #424

Closed threesquared closed 3 years ago

threesquared commented 3 years ago

There is no checksum provided for the https://codecov.io/env script; it would be great to be able to verify this as well.

Also, are you able to confirm if the env script was modified during the last incident?

threesquared commented 3 years ago

Should we assume that the env script could have been modified as well? We are trying to work out the potential blast radius.

thomasrockhu commented 3 years ago

@threesquared at this time, our audit logging has revealed no evidence of modification of the env script. A third-party auditing team has also revealed no evidence.

We have redeployed with a known clean copy out of an abundance of caution.

threesquared commented 3 years ago

Thanks for the clarification