---
title: "Trivy-al Releases"
id: "12899"
type: "podcast"
slug: "trivy-al-releases"
published_at: "2022-08-18T10:00:00+00:00"
modified_at: "2023-03-13T17:58:25+00:00"
url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/trivy-al-releases/"
markdown_url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/trivy-al-releases.md"
taxonomy_shows:
  - "Last Week In AWS"
---

About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

[https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305](https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305)

[https://overcast.fm/itunes1466344305/aws-morning-brief](https://overcast.fm/itunes1466344305/aws-morning-brief)

[https://pca.st/AKs0](https://pca.st/AKs0)

[https://podcastaddict.com/podcast/2382583](https://podcastaddict.com/podcast/2382583)

[https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU](https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU)

[https://feeds.transistor.fm/aws-morning-brief](https://feeds.transistor.fm/aws-morning-brief)

## Episode Summary

Last week in security news: Dependency confusion in AWS CodeArtifact, this week's S3 Bucket Negligence Award, a new tool called Trivy, and more!

## Episode Show Notes & Transcript

**Links:**

- Apparently there's been some [dependency confusion in AWS CodeArtifact](https://www.cloudvulndb.org/dependency-confusion-in-aws-codeartifact) .
- PlatformQ wins this week's [S3 Bucket Negligence Award](https://www.digitaljournal.com/life/medical-platform-leaks-nearly-100000-healthcare-professionals-personal-data/article)
- Found an interesting article that suggests that [ransomware in AWS](https://www.firemon.com/what-you-need-to-know-about-ransomware-in-aws/) isn't a purely theoretical concern.
- Protocol interview with [AWS CISO CJ Moses](https://www.protocol.com/enterprise/cj-moses-aws-ciso) about his cloud security challenges.
- [AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project](https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/)
- [Trivy](https://github.com/aquasecurity/trivy) is a security scanner for vulnerabilities in container images, Git repositories, filesystems, and various bits of configuration.

 View Full Transcript  Hide Full Transcript

## You might also like

[More Podcast Episodes](https://www.lastweekinaws.com/podcast/aws-morning-brief/)