🚨 Trivy is under attack again.

Attackers force-pushed 75 of 76 tags in aquasecurity/trivy-action, impacting 10K+ workflows and turning a trusted GitHub Action into a malware delivery vector.

Any tag other than v0.35.0 may execute an infostealer in CI and expose the pipeline's secrets.

Analysis forthcoming: https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
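Because the attack works by moving mutable tags, the two checks a practitioner wants are (1) find every workflow step that references the action by tag or branch rather than by a full commit SHA, and (2) detect when a tag you previously recorded now resolves to a different commit. The script below is an added example, not code from the post or from Socket or Aqua; the workflow text, the tag-to-SHA mapping and the `git ls-remote` output are constructed inline, and the SHAs in them are placeholders, not the real trivy-action commits.

```python
import re

# Constructed sample workflow (not from the page). PIN_SHA is a placeholder,
# not the real commit behind any trivy-action release.
PIN_SHA = "e" * 40
SAMPLE_WORKFLOW = f"""\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: "aquasecurity/trivy-action@master"
      - uses: aquasecurity/trivy-action@{PIN_SHA} # v0.35.0
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(workflow_text):
    """Return (action, ref) pairs for every remote `uses:` in a workflow.

    Local (./) and docker:// references carry no git ref and are skipped.
    Line-based matching is deliberate: it needs no YAML library and works
    on the `uses:` lines of any GitHub Actions workflow file.
    """
    refs = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, sep, ref = spec.partition("@")
        refs.append((action, ref if sep else ""))
    return refs


def classify_ref(ref):
    """'sha' for a full 40-hex commit, 'unpinned' for no ref, else 'mutable'."""
    if not ref:
        return "unpinned"
    if SHA_RE.match(ref):
        return "sha"
    return "mutable"  # tag or branch: can be force-pushed by whoever controls the repo


def find_mutable_action_refs(workflow_text, action="aquasecurity/trivy-action"):
    """Refs of `action` that are not pinned to a full commit SHA, in file order."""
    return [ref for a, ref in parse_uses(workflow_text)
            if a == action and classify_ref(ref) != "sha"]


# Constructed `git ls-remote --tags` output (placeholders, not real commits).
# Annotated tags show up twice; the '^{}' line is the peeled commit SHA.
LS_REMOTE_SAMPLE = "\n".join([
    "a" * 40 + "\trefs/tags/v0.28.0",
    "b" * 40 + "\trefs/tags/v0.28.0^{}",
    "c" * 40 + "\trefs/tags/v0.35.0",
]) + "\n"

# What this repo recorded the tags as resolving to at last review (constructed).
KNOWN_TAGS = {"v0.28.0": "d" * 40, "v0.35.0": "c" * 40}


def parse_ls_remote_tags(output):
    """Map tag name -> commit SHA from `git ls-remote --tags <url>` output."""
    tags = {}
    for line in output.splitlines():
        if "\t" not in line:
            continue
        sha, ref = line.split("\t", 1)
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha          # peeled commit wins over the tag object
        else:
            tags.setdefault(name, sha)
    return tags


def detect_moved_tags(known, ls_remote_output):
    """Return {tag: (recorded_sha, current_sha)} for every tag that now points elsewhere."""
    current = parse_ls_remote_tags(ls_remote_output)
    return {tag: (old, current[tag]) for tag, old in known.items()
            if tag in current and current[tag] != old}


if __name__ == "__main__":
    for ref in find_mutable_action_refs(SAMPLE_WORKFLOW):
        print(f"mutable ref for aquasecurity/trivy-action: @{ref or '<none>'} (pin to a commit SHA)")
    for tag, (old, new) in detect_moved_tags(KNOWN_TAGS, LS_REMOTE_SAMPLE).items():
        print(f"tag {tag} moved: {old[:12]} -> {new[:12]}")
```

Run it against real files by feeding each `.github/workflows/*.yml` to `find_mutable_action_refs` and the output of `git ls-remote --tags https://github.com/aquasecurity/trivy-action` to `detect_moved_tags`. A SHA pin only helps if the SHA you pin is one you reviewed before the tags moved; pinning to whatever a tag resolves to today re-introduces the attacker's commit.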
