Lots more technical research about the actual attack and how it worked here: htt... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		feross 5 days ago \| parent \| context \| favorite \| on: Trivy ecosystem supply chain temporarily compromis... Lots more technical research about the actual attack and how it worked here: https://socket.dev/blog/trivy-under-attack-again-github-acti... Disclosure: I’m the founder of Socket.

		help

joecarpenter 4 days ago [–]

Great analysis!

The Go binary was also compromised, but there's almost no information what the compromised binary did. Did it drop a python script? Did it do direct scanning?

If trivy docker image was used, what's the scope (it does not include python).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact