Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
GitHub

immutable-ledger

High-speed cryptographic liability scanner for WORM compliance. Evaluates data gravity, identifies missing Ed25519 sidecars, and calculates exposure risk against SEC 17a-4 and ESIC chain-of-custody ...