Anonymous Intelligence Signal

Aqua Security Trivy Action Compromised: Malicious Tags Force-Pushed in GitHub Supply Chain Attack

The Lab (unverified) | 2026-03-31 08:27:11 | Source: GitHub Issues

A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and to force-push 76 of the 77 version tags in the `aquasecurity/trivy-action` repository so that they pointed at commits containing credential-stealing malware. Simultaneously, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced with malicious commits. The attack escalated on March 22, 2026, when the same actor used compromised credentials to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub, expanding the attack surface beyond GitHub.

The exposure window for the initial malicious `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC. This incident, tracked as CVE-2026-33634, represents a direct compromise of a core security tool's distribution channels. The threat actor's ability to force-push the vast majority of historical version tags indicates deep access and an intent to maximize infection, potentially ensnaring developers and CI/CD pipelines whose workflows referenced older tags of the action, which now resolved to malicious code.

The breach places immense pressure on organizations relying on Trivy for container and code security scanning, as the tool itself became a vector for compromise. This event signals a critical risk in the software supply chain, where trust in foundational security utilities is paramount. The forced update to v0.35.0 of the Trivy Action, as seen in the source pull request, is a direct remediation step, but the incident underscores the vulnerability of automated workflows to credential compromise and tag manipulation. The full scope of impacted systems and any data exfiltration remains under investigation.
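Because the attack worked by moving version tags, the practical check for a defender is whether a workflow references actions by mutable tag or by immutable commit SHA. The following Python audit is an added example, not code from the source report or from Aqua Security; the sample workflow, its tag values and the all-zero SHA are constructed placeholders.

```python
import re

# Constructed sample workflow (placeholder content, not from any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0000000000000000000000000000000000000000  # placeholder SHA
"""

# Repositories whose tags the incident report says were force-pushed.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Matches "uses: owner/repo[/subpath]@ref" and captures owner/repo and ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@([^\s#]+)", re.M)
# A full 40-hex commit SHA is the only reference GitHub treats as immutable.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_pins(workflow_text):
    """Return (action, ref, verdict) for every action reference in a workflow.

    verdict is 'sha' for a full commit SHA, 'mutable' for a tag or branch
    name, and 'mutable-affected' when a mutable ref points at one of the
    repositories named in the incident, which is the case to fix first.
    """
    findings = []
    for action, ref in USES_RE.findall(workflow_text):
        if SHA_RE.match(ref):
            verdict = "sha"
        elif action in AFFECTED_ACTIONS:
            verdict = "mutable-affected"
        else:
            verdict = "mutable"
        findings.append((action, ref, verdict))
    return findings


if __name__ == "__main__":
    for action, ref, verdict in audit_pins(SAMPLE_WORKFLOW):
        print(f"{verdict:17} {action}@{ref}")
```

Pinning to a SHA only helps if the SHA itself was taken from a trusted, pre-incident commit; the check above tells you where tags are still in use, not whether a given commit is clean.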