Trivy Compromised a Second Time - Malicious v0.69.4 Release
13 points by drmorr
It's kind of getting annoying that all of these formerly nice utilities are dumb enough to use automated CI/CD tools that rely on LLMs and are getting popped! Why in the fsck are people still using GitHub PAT tokens in 2026?
Chainguard open-sourced this https://github.com/octo-sts/app
Maybe of interest for those looking for an alternative.