Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
www.csoonline.com
‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
  • ryannathans@aussie.zoneEnglish
    6·
    2 months ago

    Vulnerability scanner backdoored? Well that’s ironic

    fun vulnerabilityDetected() { return true }

  • _hovi_@lemmy.worldEnglish
    1·
    2 months ago

    Am I going insane or is this a huge deal - litellm was confirmed compromised, but who knows what other projects got affected. I’m surprised I’m not seeing this everywhere, or at least more discussion about it