Trivy Supply Chain Attack - What Happened and Impacts
Basically, hackers tricked a security tool into spreading harmful code.
A supply chain attack on Trivy led to malicious releases affecting many CI/CD workflows. Organizations using these tools must act quickly to secure their environments. Immediate updates and secret rotations are essential to mitigate risks.
What Happened
On March 19, 2026, a significant supply chain attack targeted Trivy, a popular open-source security tool. Attackers exploited compromised credentials to publish malicious releases of Trivy version 0.69.4, alongside its GitHub Actions, trivy-action and setup-trivy. This incident was not a standalone event; it was part of a multi-stage attack that began weeks earlier, revealing vulnerabilities in the software development lifecycle.
The attackers first gained access to Trivy’s GitHub Actions environment in late February 2026. They exploited a misconfiguration to extract a privileged access token, which allowed them to manipulate repository automation and release processes. By March 1, the Trivy team had disclosed the incident and rotated credentials, but residual access remained, enabling the threat actor to execute their plan.
Who's Being Targeted
The attack primarily affected organizations using Trivy and its associated GitHub Actions. Any CI/CD workflows referencing the compromised versions are at risk. The malicious version of Trivy was designed to collect sensitive information, including API tokens, cloud credentials, and other secrets stored within CI/CD environments. This means that many organizations relying on these tools for their software development processes could have unknowingly executed compromised code.
The impact extends beyond Trivy itself. As a widely trusted tool, the attackers leveraged its reputation to reach downstream users at scale, affecting a broad spectrum of organizations that utilize these components in their workflows.
Tactics & Techniques
The attackers employed sophisticated tactics by modifying existing version tags associated with trivy-action and injecting malicious code. This approach allowed them to execute harmful payloads without raising immediate alarms, as the workflows appeared to complete normally. The malware was designed to exfiltrate sensitive data to attacker-controlled infrastructure, making detection challenging.
This incident exemplifies a modern software supply chain attack, where attackers exploit trusted tools to infiltrate numerous organizations simultaneously. The use of compromised credentials, trusted release channels, and silent execution within CI/CD pipelines underscores the need for heightened vigilance in securing development environments.
Defensive Measures
Organizations using Trivy must take immediate action to mitigate risks. The first step is to update to known-safe versions of the affected components. Users should rotate all potentially exposed secrets and audit their workflows for any signs of compromise. Additionally, it is crucial to pin GitHub Actions to full SHA hashes to prevent similar attacks in the future.
The Trivy team is actively working to contain the incident, having removed malicious releases and implemented stricter access controls. Ongoing monitoring and collaboration with the broader security community are essential to prevent further exploitation. As this situation evolves, organizations should remain alert and proactive in their security measures.
Aqua Security Blog