Attackers Compromised Code-Checking Vendor’s Tool for Two Months. Code-checking firm CodeCov says it has brought in federal law enforcement to investigate. Attackers likely had access to the system since the end of January, according to the company’s investigation. The company recommends that clients use a script to create a list of credentials that could be accessed by its software and consider those credentials and secrets compromised. The attack is reminiscent of the SolarWinds compromise, says Vdoo’s chief technology officer.”]