|
|
|
|
|
|
by alierfan
69 days ago
|
|
|
The technical breakdown of the Trivy attack is a great reminder that our security is only as strong as our version pinning. We all know we should pin to SHA-256 hashes instead of mutable tags, but the UX for managing and updating those hashes is still painful enough that most teams default to tags. Until the tooling makes 'doing the right thing' as easy as @v1, these supply chain leaks will continue to be a high-ROI path for attackers. |
|
|