Trivy Stories

Kiwi Stories

Trivy stories

Collapsing grace period: When your adversaries never tire

Attackers are now moving fast enough that patching delays, standing privilege and inherited trust leave organisations exposed within minutes.

By Chris Campbell • 7 min read • Yesterday

Global Stories

Trivy stories

Application Security

Sonatype warns of surge in trusted open-source malware

Attackers hid malware in familiar package workflows, prompting Sonatype to log 21,764 malicious open-source packages in the quarter.

By Shannon Williams • 4 min read • Last month

Virtualisation

AppOmni adds Heisenberg mode after LiteLLM supply attack

The malicious packages could leave build systems and Kubernetes clusters exposed, prompting checks across CI/CD pipelines and AI frameworks.

By Sean Mitchell • 4 min read • Fri, 27th Mar 2026

DevOps

Trivy GitHub breach exposes CI/CD supply chain risk

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

By Sofiah Nichole Salivio • 5 min read • Tue, 24th Mar 2026

Security Information and Event Management

JFrog flags 13 critical CI/CD flaws in GitHub workflows

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

By Mark Tarre • 4 min read • Fri, 6th Mar 2026

Application Security

Aqua Security expands Trivy for Kubernetes vulnerability scanning & KBOM generation

Aqua Security enhances its open-source solution, Trivy, to offer Kubernetes vulnerability scanning and Kubernetes Bill of Materials generation.

By Sean Mitchell • 2 min read • Wed, 8th Nov 2023

Virtualisation

Aqua Security incorporates CIS Kubernetes benchmarks scanning into open source Trivy

Aqua Security's Aqua Trivy now offers full compliance scanning for CIS Kubernetes Benchmarks, simplifying security for cloud native applications.

By Shannon Williams • 3 min read • Thu, 20th Apr 2023

Cloud Security

Aqua Security adds CPSM capabilities to Aqua Trivy

Aqua Security has added cloud security posture management (CPSM) capabilities to its open source tool, Aqua Trivy.

By Zach Thompson • 3 min read • Thu, 18th Aug 2022

DevOps

Aqua Security createa unified scanner for cloud native security

Aqua Security's Trivy becomes world's first unified scanner for cloud native security, consolidating multiple tools into one.

By Shannon Williams • 3 min read • Fri, 20th May 2022

Stories from Other Regions

Trivy stories

Application Security

Aqua Security unveils Trivy Partner Connect to boost open source

Aqua Security launches Trivy Partner Connect to strengthen the ecosystem around its popular open source security scanner, Trivy, boosting collaboration and innovation.

By Catherine Knowles • 4 min read • Tue, 8th Jul 2025

Trivy Stories

Kiwi Stories

Collapsing grace period: When your adversaries never tire

Global Stories

Sonatype warns of surge in trusted open-source malware

AppOmni adds Heisenberg mode after LiteLLM supply attack

Trivy GitHub breach exposes CI/CD supply chain risk

JFrog flags 13 critical CI/CD flaws in GitHub workflows

Aqua Security expands Trivy for Kubernetes vulnerability scanning & KBOM generation

Aqua Security incorporates CIS Kubernetes benchmarks scanning into open source Trivy

Aqua Security adds CPSM capabilities to Aqua Trivy

Aqua Security createa unified scanner for cloud native security

Stories from Other Regions

Aqua Security unveils Trivy Partner Connect to boost open source

FinTech

Industry

Commerce

Consumer tech

Enterprise

Cybersecurity

Telecomms