Comment by 6thbit
2 days ago
Title is a bit misleading.
The package was directly compromised, not “by supply chain attack”.
If you use the compromised package, your supply chain is compromised.
2 days ago
It's both. They got compromised by another supply chain attack on Trivy initially.