Codecov API key

Bridgecrew Policy ID: BC_GIT_30
Chekov Check ID: CKV_SECRET_30
Severity: LOW

Codecov API key


Codecov is a tool that is used to measure the test coverage of your codebase. It generally calculates the coverage ratio by examining which lines of code were executed while running the unit tests. When linking a GitHub account to Codecov, the service can be restricted to public repositories only, or be allowed to access private repositories as well.

Fix - Buildtime


Step 1: Revoke the key

  1. In Codecov, click on Settings
  2. Click on API in the left sidebar
  3. Find the API key exposed and click on Revoke

Step 2: Monitor for abuse of the credential