{"id":15276,"date":"2026-04-24T04:09:11","date_gmt":"2026-04-23T19:09:11","guid":{"rendered":"https:\/\/jore2.com\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign\/"},"modified":"2026-04-24T04:09:11","modified_gmt":"2026-04-23T19:09:11","slug":"community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign","status":"publish","type":"post","link":"https:\/\/jore2.com\/?p=15276","title":{"rendered":"\ucf54\ub4dc \ud55c \uc904\uc758 \ud754\ub4e4\ub9bc, Bitwarden CLI \ub97c \ub36e\uce5c \uacf5\uae09\ub9dd\uc758 \uadf8\ub9bc\uc790"},"content":{"rendered":"<div class=\"jore2-editor-byline\">\n<p><strong>\ubc30\uc18c\ub77c<\/strong><\/p>\n<\/div>\n<p>\uac1c\ubc1c\uc790\ub4e4\uc758 \uc77c\uc0c1 \uc18d\uc5d0 \uae4a\uc219\uc774 \uc790\ub9ac \uc7a1\uc740 \ub3c4\uad6c\ub4e4\uc774 \uac11\uc790\uae30 \ubd88\uc548\ud55c \uc2e0\ud638\ub97c \ubcf4\ub0b4\uace0 \uc788\uc2b5\ub2c8\ub2e4. \ucd5c\uadfc Bitwarden CLI \uc758 \ucd5c\uc2e0 \ubc84\uc804\uc778 2026.4.0 \uc774 \uc545\uc131 \ucf54\ub4dc\ub97c \ud3ec\ud568\ud558\uace0 \uc788\ub2e4\ub294 \uc0ac\uc2e4\uc774 \uc54c\ub824\uc9c0\uba74\uc11c, \uc804 \uc138\uacc4 \uac1c\ubc1c \ucee4\ubba4\ub2c8\ud2f0\uc5d0 \uc791\uc740 \ud30c\ubb38\uc774 \uc77c\uc5c8\uc2b5\ub2c8\ub2e4. \uc774\ub294 \ub2e8\uc21c\ud55c \ubc84\uadf8 \uc218\uc815\uc774\ub098 \uc5c5\ub370\uc774\ud2b8 \uc2e4\uc218\uac00 \uc544\ub2c8\ub77c, Checkmarx \uc640 \uad00\ub828\ub41c ongoing supply chain campaign \uc758 \uc77c\ud658\uc73c\ub85c \ubc1c\uc0dd\ud55c \uc0ac\uac74\uc785\ub2c8\ub2e4. 
\uacf5\uaca9\uc790\ub4e4\uc740 Bitwarden \uc758 CI\/CD \ud30c\uc774\ud504\ub77c\uc778\uc5d0 \uc0ac\uc6a9\ub41c GitHub Action \uc744 \uad50\ubb18\ud788 \uc870\uc791\ud574, \uc815\uc0c1\uc801\uc778 \ube4c\ub4dc \uacfc\uc815\uc5d0 \uc545\uc131 \ucf54\ub4dc\ub97c \uc2ec\uc5b4\ub193\uc558\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \uc18c\uc2dd\uc774 \ud2b9\ud788 \ub728\uac70\uc6b4 \uc774\uc720\ub294 \uacfc\uac70\uc758 \uc720\uc0ac\ud55c \uc0ac\ub840\ub4e4\uc744 \ub5a0\uc62c\ub9ac\uac8c \ud558\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4. npm, pnpm, yarn \ub4f1 \ud328\ud0a4\uc9c0 \ub9e4\ub2c8\uc800\ub97c \ud1b5\ud574 \uc124\uce58\ub418\ub294 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub4e4\uc774 \uacf5\uae09\ub9dd \uacf5\uaca9\uc758 \uc8fc\uc694 \ud45c\uc801\uc774 \ub418\uc5b4\uc628 \uc5ed\uc0ac\uac00 \uc788\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4. \uc2e4\uc81c\ub85c \uc774\ubc88 \uc0ac\uac74\uc740 axios, ua-parser-js, node-ipc \ub4f1\uc774 \uc9e7\uc740 \uc2dc\uac04 \ub0b4\uc5d0 \uc545\uc131 \ubc84\uc804\uc73c\ub85c \uad50\uccb4\ub418\uac70\ub098 \uc81c\uac70\ub41c \uc0ac\ub840\ub4e4\uacfc \ub9e5\uc744 \uac19\uc774\ud569\ub2c8\ub2e4. \ud2b9\ud788 \ucd5c\uadfc\uc5d0\ub294 event-stream \ucc98\ub7fc \ub450 \ub2ec \uc774\uc0c1 \uc545\uc131 \ucf54\ub4dc\uac00 \ubc29\uce58\ub418\uae30\ub3c4 \ud588\ub358 \uc804\ub840\uac00 \uc788\uc5b4, \uac1c\ubc1c\uc790\ub4e4\uc774 \ub354 \uc774\uc0c1 &#8216;\uc2e0\ub8b0&#8217;\ub9cc\uc73c\ub85c \uc758\uc874\uc131\uc744 \uad00\ub9ac\ud558\uae30\uc5d4 \uc704\ud5d8\uc774 \ud06c\ub2e4\ub294 \uc778\uc2dd\uc774 \ud37c\uc9c0\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774\ub7ec\ud55c \ud750\ub984 \uc18d\uc5d0\uc11c \uac1c\ubc1c\uc790\ub4e4 \uc0ac\uc774\uc5d0\uc11c\ub294 &#8216;\ucd5c\uc18c \ucd9c\uc2dc \ub098\uc774(min-release-age)&#8217; \uc124\uc815\uc774 \uc0c8\ub85c\uc6b4 \ubc29\uc5b4 \uae30\uc81c\ub85c \uc8fc\ubaa9\ubc1b\uace0 \uc788\uc2b5\ub2c8\ub2e4. 
npm 11.10 \uc774\uc0c1 \ubc84\uc804\uc5d0\uc11c .npmrc \ud30c\uc77c\uc5d0 min-release-age=7 \uacfc \uac19\uc740 \uc124\uc815\uc744 \ucd94\uac00\ud558\uba74, \ucd9c\uc2dc\ub41c \uc9c0 7 \uc77c \uc774\ub0b4\uc778 \ud328\ud0a4\uc9c0\ub294 \uc790\ub3d9\uc73c\ub85c \uc81c\uc678\ud558\uac70\ub098 \uacbd\uace0\ub97c \ub744\uc6b8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub294 \uc545\uc131 \ucf54\ub4dc\uac00 \uc0bd\uc785\ub41c \uc9c1\ud6c4\uc778 19 \uc2dc\uac04 \ub9cc\uc5d0 \ubc30\ud3ec\ub41c Bitwarden CLI 2026.4.0 \uacfc \uac19\uc740 \uacbd\uc6b0\ub97c \uc120\uc81c\uc801\uc73c\ub85c \ucc28\ub2e8\ud560 \uc218 \uc788\ub294 \uc2e4\uc6a9\uc801\uc778 \ubc29\ubc95\uc785\ub2c8\ub2e4. pnpm \uc758 \uacbd\uc6b0 \ubd84 \ub2e8\uc704 \uc124\uc815, Bun \uc740 \ucd08 \ub2e8\uc704 \uc124\uc815\uc744 \ud1b5\ud574 \ub354 \uc815\uad50\ud558\uac8c \uc2dc\uac04\uc744 \uc81c\uc5b4\ud560 \uc218 \uc788\uc73c\uba70, uv \ub3c4 \uc720\uc0ac\ud55c exclude-newer \uc635\uc158\uc744 \uc81c\uacf5\ud569\ub2c8\ub2e4.<\/p>\n<p>\ud558\uc9c0\ub9cc \uc124\uc815\ub9cc\uc73c\ub85c \ubaa8\ub4e0 \uac83\uc744 \ub9c9\uc744 \uc218\ub294 \uc5c6\ub2e4\ub294 \ub0c9\uc815\ud55c \ud604\uc2e4\ub3c4 \uc874\uc7ac\ud569\ub2c8\ub2e4. \uacf5\uaca9\uc774 \ubc1c\uc0dd\ud558\uace0 \uc81c\uac70\ub418\uae30\uae4c\uc9c0\uc758 \uc2dc\uac04\ucc28\uac00 \uc124\uc815\ud55c \ub300\uae30 \uae30\uac04\ubcf4\ub2e4 \uae38\ub2e4\uba74 \uc124\uc815\uc774 \ubb34\uc6a9\uc9c0\ubb3c\uc774 \ub420 \uc218 \uc788\uc73c\uba70, \uc624\ub798 \ubc29\uce58\ub41c \uacbd\uc6b0\ub77c\uba74 \ub354\uc6b1 \uce58\uba85\uc801\uc77c \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774\uc5d0 \ub530\ub77c \uac1c\ubc1c\uc790\ub4e4\uc740 \ub2e8\uc21c\ud788 \uc124\uc815\uc744 \ubcc0\uacbd\ud558\ub294 \uac83\uc744 \ub118\uc5b4, \uc790\uc2e0\uc758 \uc758\uc874\uc131 \ud2b8\ub9ac\ub97c \uc790\ub3d9\uc73c\ub85c \uc810\uac80\ud558\uace0 \uc218\uc815\ud574 \uc8fc\ub294 \ub3c4\uad6c\ub4e4\uc5d0 \uad00\uc2ec\uc744 \ubcf4\uc774\uace0 \uc788\uc2b5\ub2c8\ub2e4. 
depsguard \ub098 cooldowns.dev \uac19\uc740 \uc624\ud508 \uc18c\uc2a4 \ud504\ub85c\uc81d\ud2b8\uac00 \ub4f1\uc7a5\ud55c \uac83\ub3c4 \uc774\ub7ec\ud55c \ub2c8\uc988\ub97c \ubc18\uc601\ud55c \uacb0\uacfc\uc785\ub2c8\ub2e4. \ud2b9\ud788 Rust \uae30\ubc18\uc758 rbw \uac19\uc740 \ub300\uc548 \ub3c4\uad6c\uac00 \uc8fc\ubaa9\ubc1b\ub294 \uc774\uc720\ub294, \uc790\ubc14\uc2a4\ud06c\ub9bd\ud2b8 \uc0dd\ud0dc\uacc4\uc5d0 \ube44\ud574 \uc758\uc874\uc131 \ud2b8\ub9ac\uac00 \uc595\uace0 \uc2e0\ub8b0\ud574\uc57c \ud560 \uc791\uc131\uc790\uac00 \uc801\uc5b4 \uc0c1\ub300\uc801\uc73c\ub85c \uc548\uc804\ud558\ub2e4\ub294 \uc810 \ub54c\ubb38\uc785\ub2c8\ub2e4.<\/p>\n<p>\uc774\ubc88 Bitwarden CLI \uc0ac\ud0dc\ub294 \ub514\uc9c0\ud138 \uc2dc\ub300\uc758 \uacf5\uae09\ub9dd\uc774 \uc5bc\ub9c8\ub098 \ucde8\uc57d\ud560 \uc218 \uc788\ub294\uc9c0\ub97c \ub2e4\uc2dc \ud55c\ubc88 \uc77c\uae68\uc6cc\uc90d\ub2c8\ub2e4. \ud55c \ubc88\uc758 CI\/CD \ud30c\uc774\ud504\ub77c\uc778 \uc870\uc791\uc774 \uc804 \uc138\uacc4 \uc0ac\uc6a9\uc790\uc758 \ube44\ubc00\ubc88\ud638 \uad00\ub9ac \ub3c4\uad6c\uae4c\uc9c0 \uc704\ud611\ud560 \uc218 \uc788\ub2e4\ub294 \uc0ac\uc2e4\uc740, \uc6b0\ub9ac\uac00 \ub9e4\uc77c \uc0ac\uc6a9\ud558\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4\uc758 \uc774\uba74\uc5d0 \uc228\uaca8\uc9c4 \ubcf5\uc7a1\ud55c \uc5f0\uacb0 \uace0\ub9ac\ub97c \uc0c1\uae30\uc2dc\ud0b5\ub2c8\ub2e4. 
\uc55e\uc73c\ub85c\ub294 \ub2e8\uc21c\ud55c \uae30\ub2a5 \uc5c5\ub370\uc774\ud2b8\ub97c \ub118\uc5b4, \uacf5\uae09\ub9dd\uc758 \ubb34\uacb0\uc131\uc744 \uac80\uc99d\ud558\ub294 \uacfc\uc815\uc774 \uac1c\ubc1c \uc6cc\ud06c\ud50c\ub85c\uc6b0\uc758 \ud544\uc218 \ub2e8\uacc4\ub85c \uc790\ub9ac \uc7a1\uc744 \uac83\uc73c\ub85c \ubcf4\uc785\ub2c8\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud3c9\uc18c \uc2e0\ub8b0\ud558\ub358 \ube44\ubc00\ubc88\ud638 \uad00\ub9ac \ub3c4\uad6c\uc758 \uba85\ub839\uc904 \uc778\ud130\ud398\uc774\uc2a4\uac00 \uac11\uc790\uae30 \uc545\uc131 \ucf54\ub4dc\ub97c \ud488\uace0 \ub4f1\uc7a5\ud588\uc2b5\ub2c8\ub2e4. Checkmarx \uc758 \uc9c0\uc18d\uc801\uc778 \uacf5\uae09\ub9dd \uacf5\uaca9 \ucea0\ud398\uc778\uc774 \uc774\ubc88 \uc0ac\ud0dc\uc758 \ud575\uc2ec \uc5f4\uc1e0\ub85c, \uac1c\ubc1c\uc790\ub4e4\uc758 \uacbd\uacc4\uc2ec\uc744 \ud55c\uc21c\uac04\uc5d0 \ub192\uc600\uc2b5\ub2c8\ub2e4.<\/p>\n","protected":false},"author":11,"featured_media":15275,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[406],"tags":[10301,10303,8737,10302,10305,10304],"class_list":["post-15276","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-406","tag-bitwarden","tag-checkmarx","tag-cli","tag-10302","tag-10305","tag-10304"],"featured_image_urls":{"full":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign.png",1200,630,false],"thumbnail":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-150x150.png",150,150,true],"medium":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-300x158.png",300,158,true],"medium_large":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6
101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-768x403.png",640,336,true],"large":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-1024x538.png",640,336,true],"1536x1536":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign.png",1200,630,false],"2048x2048":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign.png",1200,630,false],"morenews-large":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-825x575.png",825,575,true],"morenews-medium":["https:\/\/jore2.com\/wp-content\/uploads\/2026\/04\/community-6101-bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-590x410.png",590,410,true]},"author_info":{"info":["\ubc30\uc18c\ub77c"]},"category_info":"<a href=\"https:\/\/jore2.com\/?cat=406\" 
rel=\"category\">\uc694\uc998\ub728\ub294\uc18c\uc2dd<\/a>","tag_info":"\uc694\uc998\ub728\ub294\uc18c\uc2dd","comment_count":"0","_links":{"self":[{"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/posts\/15276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/jore2.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15276"}],"version-history":[{"count":0,"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/posts\/15276\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jore2.com\/index.php?rest_route=\/wp\/v2\/media\/15275"}],"wp:attachment":[{"href":"https:\/\/jore2.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jore2.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jore2.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}