What happened to Trivy’s supply chain?
2 Articles
From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
While investigating a spike in script execution detections across several CrowdStrike Falcon® platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines. Our investigation found that 76 of the scanner’s 77 release tags had been retroactively poisoned via git tag repointing, replacing th…
What happened to Trivy’s supply chain?
Trivy vulnerability scanner supply chain compromise
Trivy, a widely used vulnerability scanner associated with Aqua Security, was compromised as part of an ongoing supply chain attack. The scope described in the coverage indicates that hackers managed to affect essentially all versions of Trivy by…
