{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigtkokcu6bkp5hkb46yntpvfzl2g3tjyzmsfucdxd3g4q6scd5dn4",
    "uri": "at://did:plc:gapzbf5nl5wxaqkqoecaeawh/app.bsky.feed.post/3mhxm32kpj4r2"
  },
  "path": "/sophisticated-supply-chain-attack-targeting-trivy-expands-to-checkmarx-litellm/",
  "publishedAt": "2026-03-25T15:39:13.000Z",
  "site": "https://devops.com",
  "tags": [
    "AI",
    "Blogs",
    "Business of DevOps",
    "CI/CD",
    "DevSecOps",
    "Features",
    "IT Security",
    "News",
    "Social - Facebook",
    "Social - LinkedIn",
    "Social - X",
    "AI (Artificial Intelligence)",
    "AI supply chain attacks",
    "Aqua Security Trivy",
    "Checkmarx",
    "Cloud Security",
    "credentials",
    "exposed secrets",
    "GitHub Actions",
    "LiteLLM",
    "microsoft",
    "Palo Alto Networks",
    "Sysdig",
    "TeamPCP"
  ],
  "textContent": "The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and LiteLLM being the latest victims of the sophisticated campaign. The threat group behind it, TeamPCP, is using the attacks to create persistence and […]",
  "title": "Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM"
}