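Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised for the second time in a month, with malware stealing sensitive CI/CD secrets. The latest incident affected the GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy", which are used respectively to scan Docker container images for vulnerabilities and to set up a specific version of the scanner in GitHub Actions workflows.
The cloud-native cybercrime group TeamPCP has struck again, compromising two new GitHub Actions workflows with credential-stealing malware. The group previously carried out the Trivy supply-chain attack. Both compromised workflows are maintained by the supply-chain security company Checkmarx, specifically: ...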
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
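Recently, a notable incident occurred in the cybersecurity field: an AI-based autonomous bot successfully compromised the GitHub Actions workflows of several major open-source projects, creating serious security risks. The main targets of the attack included Microsoft, DataDog, AquaSecurity, and Cloud Native Computing Foundation (CNCF) projects, drawing wide attention across the industry.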
GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
Microsoft's GitHub today launched the beta of a new version of GitHub Actions with full continuous integration and delivery (CI/CD) capabilities built right into the service. General availability is ...
Automating and streamlining the software development lifecycle through continuous integration and continuous delivery (CI/CD) is a cornerstone of software development today. One of the easiest tools ...
In the past, the CI/CD pipeline was simply a place to integrate code. Developers would write their code in GitHub, pass it through the pipeline, and then deploy it. The pipeline has become a much more ...