Developers relying on Trivy, a popular open-source vulnerability scanner, are facing a critical security alert. A widespread supply-chain attack has compromised virtually all versions of the tool, potentially exposing sensitive CI/CD secrets. The breach, confirmed by Aqua Security’s VP of Open Source Itay Shakury on Friday, began earlier this week and involved attackers gaining access to force-push malicious code updates to numerous version tags.
The compromised versions of Trivy, used to scan Docker container images for vulnerabilities and set up GitHub Actions workflows, could allow attackers to steal critical information from development pipelines. This includes GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and even cryptocurrency wallet data. The incident underscores the growing risks associated with software supply chain attacks, where vulnerabilities in widely used tools can have cascading effects.
According to security firm Socket, the attackers managed to force-push updates to 75 out of 76 version tags in the aquasecurity/trivy-action repository, effectively turning trusted software references into a distribution mechanism for an infostealer. A “forced push” overrides standard safety measures in Git, allowing attackers to overwrite existing commits. Shakury advised anyone suspecting they’ve run a compromised version to immediately treat all pipeline secrets as compromised and rotate them.
Here’s the second supply chain incident involving Trivy within a month. In late February and early March 2026, an autonomous bot exploited a workflow vulnerability to steal a Personal Access Token (PAT) and gain control of the GitHub repository, leading to the publication of malicious Visual Studio Code extensions, as reported by The Hacker News.
What Happened?
The attack centered on the GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy.” These actions are commonly used in CI/CD pipelines to automate vulnerability scanning. By compromising these actions, attackers could inject malicious code into any pipeline that used the affected tags. The malware, once executed within GitHub Actions runners, actively searches for and exfiltrates sensitive credentials.
Specifically, Socket identified that the compromised tags served a malicious payload designed to steal CI/CD secrets. The affected version tags include widely used versions such as @0.34.2, @0.33, and @0.18.0. Notably, version @0.35.0 appears to be unaffected by the compromise.
What Makes Trivy a Target?
Trivy’s popularity makes it an attractive target for attackers. With 33,200 stars on GitHub, the tool is widely integrated into the software development workflows of numerous organizations. Its function – scanning for vulnerabilities – also means it often has access to sensitive credentials used in the build and deployment process.
Aqua Security, the maintainer of Trivy, has been actively responding to the incident. Itay Shakury, VP Open Source at Aqua Security, has been central to communicating updates and guidance to the community.
What Should Developers Do?
The immediate recommendation from security experts and Aqua Security is to assume compromise if you’ve used Trivy actions with potentially affected tags. This means:
- Rotate all pipeline secrets: Change passwords, API keys, and other credentials used in your CI/CD pipelines.
- Review audit logs: Examine logs for any suspicious activity that might indicate unauthorized access.
- Update to a safe version: If possible, update to version @0.35.0 or a later, verified secure version of Trivy.
The incident highlights the importance of robust security practices throughout the software development lifecycle, including regular vulnerability scanning, secure credential management, and proactive monitoring for suspicious activity.
The fallout from this attack is still unfolding, and developers should remain vigilant. Aqua Security is continuing to investigate the incident and will likely release further guidance as more information becomes available. The broader implications for software supply chain security are significant, and this incident will likely spur increased scrutiny of open-source dependencies and CI/CD pipeline security.
Share your thoughts and experiences in the comments below. Have you been affected by this compromise? What steps are you taking to secure your CI/CD pipelines?
