Qodo’s Commitment to Security and Quality

Qodo, a company focused on software quality and security, recently addressed vulnerabilities in its Qodo Merge application, primarily affecting open-source repositories. The identified security issues involved potential privilege escalation on GitLab, unauthorized write access to GitHub repositories, and repository secret leakage, specifically impacting open-source projects using Qodo Merge, while private repositories and enterprise customers remained unaffected. In response, Qodo implemented fixes such as sanitizing commands, restricting parameter overrides from pull request comments, and enhancing their security protocols. The company acknowledges past communication gaps with security researchers and is committed to improving its security practices through regular audits, clearer security disclosure policies, and potential bug bounty programs. Qodo values the contributions of the security research community and aims to collaborate to enhance the security of AI-powered development tools, maintaining transparency and customer trust as core priorities.