Anonymous Intelligence Signal

Aqua Security Trivy GitHub Action Compromised: Malicious Tags Force-Pushed in Supply Chain Attack

human The Lab unverified 2026-03-25 05:56:50 Source: GitHub Issues

A sophisticated supply chain attack has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner. A threat actor used stolen credentials to publish malicious software releases and to force-push dozens of version tags so that they point at credential-stealing malware. The attack targeted the core `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` repositories, directly affecting the CI/CD pipelines of thousands of projects that depend on these automated security tools.

The incident unfolded in two distinct phases. On March 19, 2026, the actor published a malicious Trivy v0.69.4 release and force-pushed over 76 of the 77 version tags in the `trivy-action` repository, repointing them at malicious commits. At the same time, all 7 tags in the `setup-trivy` repository were replaced. Three days later, on March 22, the same actor used the compromised credentials again to publish malicious Trivy v0.69.5 and v0.69.6 container images to DockerHub, extending the attack beyond GitHub into the container image distribution channel.

This breach represents a critical failure in the software supply chain, turning a trusted security tool into a vector for credential theft. The exposure window for the initial GitHub compromise lasted from March 19, 18:22 UTC until remediation. The scale of the tag overwrites suggests the attacker sought to maximize infection by retroactively poisoning widely used historical versions: because Git tags and container image tags are mutable references, a workflow pinned to an older tag such as a past release offered no protection and pulled attacker-controlled code on its next run. Organizations that ran automated workflows pulling from these repositories or images during the exposure window must immediately audit their systems for compromised secrets, rotate every credential that was available to the affected runners, and assume their CI/CD environments were targeted. Going forward, actions should be pinned to a full commit SHA and container images to a digest rather than to a tag, since only those references cannot be silently repointed.
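The two checks a practitioner would want after reading the above, as an added example that is not code from Aqua Security, GitHub, or the original report: first, find every `uses:` reference to the two affected actions in a workflow file and flag those pinned to a mutable tag or branch rather than a full commit SHA; second, compare the commits that the repository's tags currently resolve to (parsed from `git ls-remote --tags` output) against a baseline recorded before the incident, so that a force-pushed tag shows up even though its name is unchanged. The workflow text, tag names, baseline mapping and `ls-remote` output below are all constructed for illustration, and the SHAs are placeholders, not real commits.

```python
"""Audit GitHub Actions workflows for mutable references to the Trivy actions
and detect tags that have moved since a recorded baseline.

Added example, not code from Aqua Security or from the original report.
All SHAs, tag names, workflow content and ls-remote output are constructed.
"""
import re

# The two actions named in the report; other actions are out of scope here.
TRIVY_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches `uses: owner/repo[/subpath]@ref`, with or without a leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(/[^@\s]*)?@(\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, action, ref, status) for each use of a Trivy action.

    status is 'sha-pinned' when ref is a full 40-hex commit, which cannot be
    repointed, and 'mutable' when it is a tag or branch, which a force-push can.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(3)
        if action not in TRIVY_ACTIONS:
            continue
        status = "sha-pinned" if FULL_SHA_RE.match(ref) else "mutable"
        findings.append((line_no, action, ref, status))
    return findings


def parse_ls_remote(output):
    """Parse `git ls-remote --tags <repo>` output into {tag: commit_sha}.

    An annotated tag appears twice: refs/tags/X is the tag object and
    refs/tags/X^{} is the peeled commit; the commit is what must be compared.
    """
    tags = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(None, 1)
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha          # peeled entry wins
        else:
            tags.setdefault(name, sha)     # lightweight tag, or placeholder
    return tags


def moved_tags(baseline, current):
    """Tags whose commit differs from the baseline: {tag: (old_sha, new_sha)}.

    A tag that was force-pushed shows up here under its unchanged name; a tag
    deleted from the remote shows up with new_sha == None.
    """
    return {
        tag: (old, current.get(tag))
        for tag, old in baseline.items()
        if current.get(tag) != old
    }


# Constructed workflow: two tag-pinned uses and one SHA-pinned use.
SAMPLE_WORKFLOW = """\
name: scan
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy (mutable tag)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@v0.2.2
      - name: Run Trivy (pinned)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # 0.28.0
"""

# Constructed baseline recorded before the incident (tag -> commit SHA).
BASELINE = {
    "0.28.0": "1111111111111111111111111111111111111111",
    "0.29.0": "2222222222222222222222222222222222222222",
}

# Constructed ls-remote output: 0.28.0 is an annotated tag that now peels to a
# different commit than the baseline; 0.29.0 is a lightweight tag, unchanged.
SAMPLE_LS_REMOTE = """\
3333333333333333333333333333333333333333\trefs/tags/0.28.0
4444444444444444444444444444444444444444\trefs/tags/0.28.0^{}
2222222222222222222222222222222222222222\trefs/tags/0.29.0
"""

if __name__ == "__main__":
    for line_no, action, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} -> {status}")
    for tag, (old, new) in moved_tags(BASELINE, parse_ls_remote(SAMPLE_LS_REMOTE)).items():
        print(f"tag {tag} moved: {old} -> {new}")
```

Against a real repository, the baseline is whatever `git ls-remote --tags` returned before the exposure window (or the SHAs your workflows were already pinned to), and `current` is a fresh `git ls-remote --tags https://github.com/aquasecurity/trivy-action` fed into `parse_ls_remote`. Any tag reported by `moved_tags` warrants treating every workflow run that used it during the window as compromised.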