Admin message

Today's maintenance is done.

ADDENDUM: The dormant (inactive) project deletion that was announced on 25.3. has been set back to "off" for the time being because of user wishes and comments.

Admin message

If your CI/CD process uses Trivy (tag latest or version 0.69.4), please read this:

The Trivy image was compromised for around 3 hours between Thursday 19.3 and Friday 20.3. The infostealer scanned for CI/CD tokens, Kubernetes credentials, SSH keys and basically everything else it could get its hands on within the CI/CD job.

There is also a possibility of malware having been injected into any images built through this process.

SO IF YOU ARE USING THE TRIVY IMAGE AS PART OF YOUR CI/CD, PLEASE MAKE SURE TO:

CHECK THE VERSION (LATEST OR VERSION 0.69.4)

IF USING THE VULNERABLE VERSION, CHANGE YOUR TOKENS / INFO USED IN THE PROCESS

REMAKE ANY IMAGES (IN THE CONTAINER REGISTRY, etc) WITH NON-VULNERABLE VERSIONS AND USE THEM

For more information, see for example: https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
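One way to do the version check from the list above across your CI configuration. This is an added example, not part of the admin message or of Trivy. It assumes the image is referenced by a path ending in `/trivy` (for example `aquasec/trivy`), and the function names and the sample pipeline are constructed for illustration.

```python
import re

# Tags named in the notice; an untagged reference resolves to "latest".
AFFECTED_TAGS = {"latest", "0.69.4"}

# Assumption: a Trivy image reference is any "<registry/namespace>/trivy"
# path (for example aquasec/trivy), optionally with :tag and @sha256 digest.
IMAGE_REF = re.compile(
    r"(?<![\w./-])"                            # must start at a token boundary
    r"(?:[a-z0-9][\w.-]*(?::\d+)?/)+trivy"     # registry[:port]/namespace/trivy
    r"(?::(?P<tag>\w[\w.-]*))?"                # optional :tag
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"   # optional @digest
    r"(?![\w./-])"                             # rejects e.g. trivy-operator
)

def classify(match):
    """Map one image reference to a status for the version check."""
    if match["digest"]:
        # A digest pin overrides the tag, so the tag alone proves nothing.
        return "digest-pinned"
    tag = (match["tag"] or "latest").removeprefix("v")
    return "affected" if tag in AFFECTED_TAGS else "other-tag"

def scan_ci_config(text):
    """Return (line_number, reference, status) for each Trivy image reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split(" #", 1)[0]          # drop trailing YAML comments
        if code.lstrip().startswith("#"):      # skip full-line comments
            continue
        for m in IMAGE_REF.finditer(code):
            findings.append((lineno, m.group(0), classify(m)))
    return findings

# Constructed sample .gitlab-ci.yml (not from any real project).
SAMPLE = """\
stages: [scan]
scan_latest:
  image: aquasec/trivy:latest
  script: trivy image "$CI_REGISTRY_IMAGE"
scan_pinned_tag:
  image:
    name: ghcr.io/aquasecurity/trivy:0.69.4
scan_untagged:
  script: docker run --rm aquasec/trivy image "$CI_REGISTRY_IMAGE"
scan_other:
  image: aquasec/trivy:0.50.0   # some other tag
"""

if __name__ == "__main__":
    for lineno, ref, status in scan_ci_config(SAMPLE):
        print(f"line {lineno}: {ref} -> {status}")
```

An "affected" result only means the reference could have resolved to the compromised image; whether a job actually pulled it depends on whether it ran during the window given in the notice, so compare against your pipeline history before deciding which tokens to change.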

1 fork: 1 public, 0 internal, and 0 private
  • Asad Mustafa / Basic Course on Software Eng_CI_CD_Pipeline_ex_5

    Upload New File
    Updated Oct 02, 2024