Trivy Supply Chain Attack - Key Insights and Implications
Basically, hackers used stolen credentials to insert bad code into a popular security tool.
A major supply chain attack compromised Trivy, a popular security tool. Users must act quickly to secure their systems. This incident underscores vulnerabilities in trusted software.
What Happened
On March 19, 2026, a serious supply chain attack unfolded involving Trivy, a widely used open-source security tool. A threat actor exploited compromised credentials to publish a malicious version of Trivy, specifically version 0.69.4, along with its associated GitHub Actions. This incident was not isolated; it was part of a multi-stage attack that began weeks earlier, showcasing the evolving tactics of cybercriminals.
The attack timeline reveals that in late February, attackers exploited a misconfiguration in Trivy’s GitHub Actions environment. They extracted a privileged access token, which allowed them to infiltrate the repository automation and release processes. By March 1, the Trivy team had disclosed the incident and rotated credentials, but residual access remained. On March 19, the attackers force-pushed malicious commits to the Trivy repositories, redirecting trusted references to harmful code.
Who's Affected
The attack impacted several components of the Trivy ecosystem. Specifically, the malicious version of the Trivy binary (v0.69.4) was released, along with compromised tags in the GitHub Actions repositories, aquasecurity/trivy-action and aquasecurity/setup-trivy. Any CI/CD workflow referencing these actions or downloading the compromised version during the attack window is potentially affected.
Organizations that used Trivy or its GitHub Actions during the specified timeframe should treat all secrets accessible to those environments as exposed. This includes sensitive information such as API tokens, cloud credentials, and SSH keys, which could lead to further exploitation if not addressed promptly.
Tactics & Techniques
The attackers employed a sophisticated approach by modifying existing version tags instead of creating a clearly malicious version. This strategy allowed them to inject harmful code into workflows that organizations were already using, leading to silent data exfiltration without raising immediate alarms. The malware executed before legitimate scanning processes, making it difficult for users to detect the compromise.
This incident exemplifies the dangers of supply chain attacks, where attackers leverage trusted tools to reach a wide array of users. It highlights the need for organizations to be vigilant about the security of their CI/CD pipelines and the components they integrate.
Defensive Measures
In response to the attack, Aqua Security and the Trivy team have taken several critical actions. They removed the malicious releases from all distribution channels and implemented stricter access controls to prevent future incidents. Users are advised to update to known-safe versions of Trivy and its associated actions immediately.
Organizations must also rotate all potentially exposed secrets and audit their workflows for any signs of compromise. Long-term, it’s crucial to pin GitHub Actions to immutable commit SHA hashes rather than mutable version tags to mitigate similar risks in the future. Continuous monitoring and community collaboration will be essential in addressing the ongoing threat landscape and ensuring user safety.
Aqua Security Blog