Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. The trivy heist cascading worries me greatly.

The trivy heist cascading worries me greatly.

Scheduled Pinned Locked Moved Uncategorized
1 Posts 1 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • rradczewski@hachyderm.ioR This user is from outside of this forum
    rradczewski@hachyderm.ioR This user is from outside of this forum
    rradczewski@hachyderm.io
    wrote last edited by
    #1

    The trivy heist cascading worries me greatly. It shows again how quick stolen credentials can be used to infect other packages and even ecosystems. Really seems a new magnitude from the npmjs worms back then.

    Basically my conclusion has to be to not run packages, for which there is no attestation that's at least 30 days old, delegating the risk to others and hoping that maintainers notice in time.

    1 Reply Last reply
    1
    0
    • R relay@relay.infosec.exchange shared this topic
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • World
    • Users
    • Groups