The recent security incident involving the popular vulnerability scanner, Trivy, has revealed a sophisticated supply-chain attack orchestrated by the threat group known as teampcp. Malicious actors infiltrated the official Trivy release channels and GitHub Actions workflows to distribute credential-stealing malware. Trivy, widely used by developers and security professionals, is instrumental...