Y
Hacker News
new
|
ask
|
show
|
jobs
by
cpuguy83
86 days ago
This attack was
not
mitigated by hash pinning. The setup-trivy action installs the latest version of trivy unless you specify a version.
1 comments
AdrienPoupa
86 days ago
Oh, I was referring to `aquasecurity/trivy-action` that was changed with a malicious entrypoint for affected tags. Pinned commits were not affected.
link