Skip to content

Commit 17b2656

Browse files
authored
added link to Trivy's statement about the event
1 parent ac159be commit 17b2656

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

content/blog/trivy_security_incident.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ ASF Infrastructure and ASF Security have provided the following summary based on
1010
- Trivy version 0.69.4 contained malicious code that could potentially steal credentials present in GitHub Secrets.
1111
- The trivy-action GitHub Action and trivy-setup were also compromised.
1212

13+
On March 21, Trivy published this <a href="https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23" target="_blank">statement about the event</a>.
14+
1315
### Impact on ASF projects
1416
A small number of ASF projects include the trivy GitHub Action in their build workflows.
1517

0 commit comments

Comments
 (0)