Security Boulevard

Trivy Scanner Compromise Explained and What it Means For Your SaaS and CI/CD Security

The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and ...
Computer Weekly

CI/CD series – MuleSoft: An API-led approach to continuous integration

The latest trends in software development from the Computer Weekly Application Developer Network. This is a guest post for the Computer Weekly Developer Network in our Continuous Integration (CI) & ...
Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...
Bleeping Computer

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package ...
heise online

Tekton 1.0: Kubernetes-native CI/CD tool with stable API

Tekton Pipelines has hit version 1.0 and is considered stable. The CI/CD framework is based on Kubernetes and is being developed under the CNCF umbrella. After six years of development, the ...
SiliconANGLE

CI/CD platform startup Harness raises $150M to accelerate software delivery

Continuous software delivery startup Harness Inc. is looking to expand its platform and kickstart the next stage of its growth after closing on a $150 million round of debt financing today. The latest ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...