Comment by redrove
2 days ago
>1. Looks like this originated from the trivvy used in our ci/cd
Were you not aware of this in the short time frame that it happened in? How come credentials were not rotated to mitigate the trivy compromise?
2 days ago
>1. Looks like this originated from the trivvy used in our ci/cd
Were you not aware of this in the short time frame that it happened in? How come credentials were not rotated to mitigate the trivy compromise?
The latest trivy attack was announced just yesterday. If you go out to dinner or take a night off its totally plausible to have not seen it.
afaik the trivy attack was first in the news on March 19th for the github actions and for docker images it was on March 23rd
[flagged]
Probably more "serious human" than "serious over-capitalist" or "seriously overworked". Good for them.