Tag: Aqua Security Trivy

DevsecOps software supply chain data, pipelines, data lineage

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable

Jeff Burt | April 21, 2026 | Aqua Security Trivy, CI/CD cyberthreats, exposed secrets, GitHub Actions, IANS Research, malicious code, microsoft, OWASP Top 10, remote code execution, software development security, software supply chain attacks, software vulnerabilities, Tenable

A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, ...

supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

Jeff Burt | March 25, 2026 | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCP

The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...