Fetching from the wire…
01
02
03
04
05
06
07
08
Source-backed findings, relationship evidence, citations, and briefing history from the public MindPattern archive.
LiteLLM's CI/CD pipeline uses Trivy GitHub Action
Source findingTeamPCP compromised Trivy to gain credentials for poisoning LiteLLM.
Source findingTrivy was used as attack vector to compromise LiteLLM CI/CD.
Source findingTeamPCP compromised the trivy-action GitHub Action for the second time in March.
Source findingAqua Security built Trivy vulnerability scanner.
Source findingTeamPCP compromised Trivy via tag poisoning, forcing commit hash pinning security requirements.
Source findingTeamPCP threat actor compromised Trivy package on PyPI.
Source findingTeamPCP compromised Trivy GitHub Action to attack LiteLLM.
Source findingTeamPCP compromised Aqua Security's Trivy to attack LiteLLM.
Source finding