Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
ProPublica

ProPublica — Investigative Journalism and News in the Public Interest

Support journalism that speaks truth to power.