Wasn’t sure where to ask this… it’s about the CVE for trivy with respect to Dockhand using it to scan images. https://www.docker.com/blog/trivy-supply-chain-compromise-what-docker-hub-users-should-know/
Does this affect us. It seems some say since dockhand is only scanning the image and doesn’t pass it the .env or compose to scan, we are unaffected. That seem to make sense to me if that is true but I’m a newbie and don’t know if that is true.
hoping someone smarter and with more experience than me can confirm my understanding that we are not affected.