undefined | Better HN

0 pointsredrove1d ago0 comments

>1. Looks like this originated from the trivvy used in our ci/cd

Were you not aware of this in the short time frame that it happened in? How come credentials were not rotated to mitigate the trivy compromise?

0 comments

The latest trivy attack was announced just yesterday. If you go out to dinner or take a night off its totally plausible to have not seen it.

afaik the trivy attack was first in the news on March 19th for the github actions and for docker images it was on March 23rd

j / k navigate · click thread line to collapse

0 pointsredrove1d ago0 comments

>1. Looks like this originated from the trivvy used in our ci/cd

Were you not aware of this in the short time frame that it happened in? How come credentials were not rotated to mitigate the trivy compromise?

The latest trivy attack was announced just yesterday. If you go out to dinner or take a night off its totally plausible to have not seen it.

afaik the trivy attack was first in the news on March 19th for the github actions and for docker images it was on March 23rd

j / k navigate · click thread line to collapse