Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>1. Looks like this originated from the trivvy used in our ci/cd

Were you not aware of this in the short time frame that it happened in? How come credentials were not rotated to mitigate the trivy compromise?



The latest trivy attack was announced just yesterday. If you go out to dinner or take a night off its totally plausible to have not seen it.


afaik the trivy attack was first in the news on March 19th for the github actions and for docker images it was on March 23rd


[flagged]


Probably more "serious human" than "serious over-capitalist" or "seriously overworked". Good for them.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: