Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
TechRepublic

Best CI/CD Pipeline Tools for DevOps

Software developers can leverage the power of continuous integration and continuous delivery/deployment (CI/CD) tools to automate the development lifecycle. Such automation allows them to increase ...
Visual Studio Magazine

Hardening CI/CD: Essential Strategies to Mitigate Security Risks

As DevOps practices mature and Continuous Integration/Continuous Deployment (CI/CD) pipelines become more deeply embedded in the software delivery lifecycle, the ...
HealthTech

CI/CD in the Health Industry: a Practical Guide

Continuous integration (CI) and continuous deployment (CD) are software development practices that promote a more agile and efficient approach to building, testing, and deploying software. The ...