InfoWorld

Integrate security into CI/CD with the Trivy scanner

Open source Trivy plugs into the software build process and scans container images and infrastructure-as-code files for vulnerabilities and misconfigurations. Attacks on cloud-native infrastructures ...
Ars Technica

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers ...
ITWire

Trivy becomes a unified cloud native security scanner

Cloud security provider Aqua Security has delivered a major update to Trivy, its unified scanner for cloud native security. By consolidating multiple scanning tools into a single tool, Aqua Security ...
Morning Overview on MSN

TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide

Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build pipelines at the European Commission and began quietly stealing AWS credentials.