Kevin Beaumont3d ago
Aqua Security Trivy had another supply chain compromise, I don’t know if they’ve disclosed yet. https://github.com/aquasecurity/trivy/discussions/10420
Why did this discussion about the Trivy incident get removed/closed · aquasecurity trivy · Discussion #10420

https://github.com/aquasecurity/trivy/discussions/10265 Why did this get removed when active discussion on a new (maybe related) incident was happening?

GitHub
Show threadoddbjorn
@GossiTheDog Reported here 23 hours ago: https://opensourcemalware.com/repository/https%3A%2F%2Fgithub.com%2Faquasecurity%2Ftrivy%2F
OpenSourceMalware.com - Community Threat Intelligence

Security professionals sharing intelligence on malicious packages, repositories, and CDNs to protect the open source ecosystem.

Mar 20 at 10:23pmWeb