by Rial_Labs
65 days ago

You're right and forking actions is the correct mitigation. The gap is operational discipline. Most teams know they should fork upstream actions and review updates before pulling them in. Almost none actually do it consistently. The Trivy attack is useful not because it revealed something unknown but because it made the abstract cost of that gap concrete.