Context 🕵️♀️
Codecov had a security incident recently that caused environments to run a hacker's bash uploader and report sensitive information to the hacker.
What 🌱
The approach our users follow on CI for running Tuist is vulnerable to these types of hacks and therefore I think we should add some safeguards to prevent something like this from happening. Like Rails does, each release could include a checksum that we can validate when installing Tuist in a CI environment.
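One way the proposed safeguard could look in a CI step, as an added example that is not part of this issue or of Tuist's own install script. The release URL, the archive name and the `.sha256` file layout are placeholders (assumptions, not Tuist's real release layout); the only thing the example commits to is the flow itself: download the artifact to disk, compare its SHA-256 against a value pinned in the repository (not fetched from the same server the artifact came from), and only then unpack and run it. Piping a freshly downloaded script straight into bash, which is what made the Codecov incident possible, never happens here.

```sh
#!/bin/sh
# Verified install of a release artifact on CI (added example, not Tuist's own tooling).

# Print the lowercase hex SHA-256 of a file, using whichever tool the runner has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  fi
}

# Extract the expected hash for one artifact from a sha256sum-style checksum file
# ("<hash>  <name>" or "<hash> *<name>" per line). Prints nothing if the name is absent.
expected_for() {
  awk -v name="$2" '{ sub(/^\*/, "", $2); if ($2 == name) { print $1; exit } }' "$1"
}

# verify_checksum FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file could not be hashed.
# Upper-case hex in EXPECTED is accepted; the comparison is exact otherwise.
verify_checksum() {
  file="$1"
  expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  actual=$(sha256_of "$file")
  if [ -z "$actual" ]; then
    echo "checksum: could not hash $file" >&2
    return 2
  fi
  if [ "$actual" = "$expected" ]; then
    echo "checksum OK: $file"
    return 0
  fi
  echo "checksum MISMATCH for $file" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Hypothetical CI install step. The expected hash comes from the repo's CI config
# (pinned with the version), so a tampered download or a swapped checksum file on the
# release server does not pass. Base URL and archive name are placeholders.
install_tuist_release() {
  version="$1"
  expected="$2"
  base="https://example.invalid/tuist/releases/${version}"   # placeholder URL
  workdir=$(mktemp -d) || return 1
  # Download to disk first; the artifact is never executed before verification.
  curl -fsSL "${base}/tuist.zip" -o "${workdir}/tuist.zip" || { rm -rf "$workdir"; return 1; }
  verify_checksum "${workdir}/tuist.zip" "$expected" || { rm -rf "$workdir"; return 1; }
  mkdir -p "$HOME/.tuist/bin"
  unzip -q "${workdir}/tuist.zip" -d "$HOME/.tuist/bin"
  rm -rf "$workdir"
}

# Example CI invocation (not run here):
#   install_tuist_release "1.2.3" "$TUIST_SHA256_PINNED_IN_REPO" || exit 1
```

The important design choice is where `expected` comes from: if CI fetches `tuist.zip.sha256` from the same location as `tuist.zip`, an attacker who can replace the archive can replace the checksum too, and the check only catches corrupted downloads. Pinning the hash next to the version in the repository (or in a lockfile the way Bundler records gem checksums) is what turns it into a supply-chain control; `expected_for` is there for the case where a checksum file is distributed out of band and checked into the repo.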