Reading up on Trivy
2 deep · digging since feb 17
- GitHub Actions is the weakest link
GitHub Actions' default features—mutable tags, pull_request_target, template injection, and write-scoped tokens—have enabled a chain of supply-chain attacks on open-source registries, and GitHub's opt-in security roadmap won't fix the root causes.
- Dockhand - Modern Docker Management
Dockhand is a free, self-hosted Docker management platform offering SSO, vulnerability scanning, Git deployments, and enterprise features under a BSL 1.1 license.