Software Supply Chain Compromise

github.com/aquasecurity/trivy is vulnerable to software supply chain compromise. The vulnerability is due to compromised credentials and non-atomic credential rotation, which allowed an attacker to publish malicious releases and modify version tags, enabling them to inject credential-stealing...