Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.
The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow