Tag feed

#trivy

154 posts10 followers

Trending tags this week

The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

May 2 · 9 min read · On March 26, 2026, security researchers at Socket.dev flagged anomalous publishing activity across dozens of npm packages. Within hours, the scope of the incident became clear: a threat actor operating under the handle TeamPCP had compromised a singl...

Join discussion

SPSanchit Panditsanchitpandit.hashnode.dev

0

Scan Docker Images with Trivy: CI/CD Security Pipeline Guide

Apr 28 · 3 min read · In Part 1, we covered hardened Docker images. In Part 2, we focused on Dockerfile security best practices. This guide shows how to scan Docker images for vulnerabilities using Trivy and integrate it i

Join discussion

SPSaad Patelsaad-patel.hashnode.dev

0

AutoScaleOps: I Built a Production-Grade DevSecOps Platform From Scratch — Here's Everything

Apr 23 · 23 min read · A month of late nights, broken pipelines, unfixable CVEs, and one cluster that refused to scale — here's the full story of building AutoScaleOps: a complete CI/CD platform with security gates, GitOps,

Join discussion

VNVũ Nhật Lâmblog.fiscybersec.com

0

TeamPCP Supply Chain Campaign: When the Security Scanner Became a Weapon Against AI Infrastructure

Apr 11 · 15 min read · Executive Summary On March 24, 2026, threat group TeamPCP successfully pushed two backdoored versions of the Python library LiteLLM (v1.82.7 and v1.82.8) to PyPI — a package registry serving over 95 m

Join discussion

UOUbani Obiajulum Emmanuelemmanuelubani.hashnode.dev

0

I Built a Production-Grade CI/CD Pipeline With GitHub Actions That Lints, Tests, Scans, Builds, and Deploys to AWS ECS — Here Is Every Decision I Made and Why

Apr 9 · 16 min read · Before I Was a DevOps Engineer, I Was a Lot of Other Things I have cleaned animal enclosures at a zoo. I have replaced brake pads and diagnosed engine faults as an automotive apprentice. I have manage

Join discussion

SMShubham Mishrasammy-secops.hashnode.dev

1

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

Apr 3 · 40 min read · TL;DR — Read This First On March 19, 2026 at approximately 17:43 UTC, threat actor group TeamPCP silently redirected trivy-action@0.34.2 — a real, trusted release already running in thousands of CI/CD

CCorrelic commented

DGDevTools Guidedevtoolsguide.hashnode.dev

0

Dependency Management and Security Scanning

Mar 3 · 5 min read · Dependency Management and Security Scanning The average JavaScript project has 200+ transitive dependencies. The average Python project has 50+. Every one of them is attack surface. Supply chain attacks — compromising a widely-used package to inject ...

Join discussion

GEGregory El Bajourynexus-devops.hashnode.dev

0

La Toolbox DevSecOps : Sécuriser vos images Docker avec Trivy

Feb 21 · 6 min read · I. Qu’est-ce que Trivy ? Dans l’univers de The Mandalorian, aucune pièce d'armure ne quitte la Forge sans avoir été purifiée et martelée selon le Code. Déployer un conteneur sur Kubernetes sans vérifi

Join discussion

TITech Insights Hubtopperblog.hashnode.dev

0

Container Security: Trivy Scanning

Feb 12 · 9 min read · Why Traditional Container Scanning Approaches Fall Short Legacy container scanning solutions were designed for slower release cycles and centralized infrastructure models. These tools typically operate as standalone services requiring dedicated infra...

Join discussion

TITech Insights Hubtopperblog.hashnode.dev

0

Trivy Container Scanner: Vulnerability Scanning

Feb 12 · 2 min read · Trivy Container Scanner: Vulnerability Scanning The Problem That Changed Everything Modern development requires modern solutions. Table of Contents Why This Matters Quick Start Implementation Best Practices FAQ Conclusion Why This Matters Essential...

Join discussion

#trivy

Search Hashnode

#trivy

Trending tags this week

The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

Scan Docker Images with Trivy: CI/CD Security Pipeline Guide

AutoScaleOps: I Built a Production-Grade DevSecOps Platform From Scratch — Here's Everything

TeamPCP Supply Chain Campaign: When the Security Scanner Became a Weapon Against AI Infrastructure

I Built a Production-Grade CI/CD Pipeline With GitHub Actions That Lints, Tests, Scans, Builds, and Deploys to AWS ECS — Here Is Every Decision I Made and Why

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

Dependency Management and Security Scanning

La Toolbox DevSecOps : Sécuriser vos images Docker avec Trivy

Container Security: Trivy Scanning

Trivy Container Scanner: Vulnerability Scanning