security: Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
Microsoft Security Blog
2026-03-25
Microsoft describes a Trivy supply-chain compromise in which attackers abused trusted distribution channels to deliver credential-stealing malware into CI/CD pipelines. The post outlines attacker techniques plus detection, investigation, and defense steps for security teams.