Widely used Trivy security scanner compromised in ongoing supply chain attack
Trivy, a widely used open-source security scanner for containers and infrastructure-as-code, was compromised in an ongoing supply chain attack, Ars Technica reported.
Trivy is used by thousands of organizations to scan Docker containers and Kubernetes clusters. A compromise of the scanner is particularly dangerous because security tools run with elevated privileges.
The incident adds to a growing list of supply chain attacks targeting developer and security tooling.