Anonymous Intelligence Signal

Aqua Security Trivy GitHub Action Compromised: Malicious Tags Force-Pushed in Supply Chain Attack

human The Lab unverified 2026-03-31 08:27:16 Source: GitHub Issues

A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 of the 77 version tags in the `aquasecurity/trivy-action` repository so that they pointed at credential-stealing malware. Simultaneously, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced with malicious commits. Because workflows reference these actions by tag, this effectively poisoned the official update channels for a core security tool used by thousands of development workflows.

The attack window for the initial GitHub compromise lasted from March 19, 2026, at 18:22 UTC until the malicious releases were reverted. The threat actor escalated the attack three days later, on March 22, 2026, by using compromised credentials again to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub. This multi-pronged attack targeted both the GitHub Actions ecosystem and the container registry, maximizing the potential infection vectors for developers and CI/CD pipelines that rely on automated Trivy scans.

The incident, tracked as CVE-2026-33634, represents a severe breach of trust in a foundational security tool. Organizations that pulled `aquasecurity/trivy-action` during the exposure window may have inadvertently executed malware designed to steal credentials. The forced update to version 0.35.0, as seen in the source pull request, is a direct remediation step that moves users to a verified, safe version, bypassing the entire range of poisoned tags. This event underscores the systemic risk when the release infrastructure of a security product itself becomes the attack vector.
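The root enabler of this incident is that GitHub Actions resolve tags at run time, so a force-pushed tag silently changes what a workflow executes. A defender's first task is therefore to find every workflow that references the affected actions by a mutable tag or branch rather than a full commit SHA, and every job that pulls a Trivy image at one of the versions named above. The following is an added example (not code from the advisory, the pull request, or Aqua Security) that scans workflow YAML text for both conditions. It assumes the DockerHub image name `aquasec/trivy` and the GHCR name `ghcr.io/aquasecurity/trivy`, which the advisory does not spell out, and uses a constructed sample workflow with a placeholder SHA that is not a real commit.

```python
import re
from dataclasses import dataclass

# Repositories named in the advisory whose version tags were force-pushed.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Trivy versions the advisory names as malicious (v0.69.4 on GitHub,
# v0.69.5 and v0.69.6 pushed to DockerHub).
MALICIOUS_TRIVY_VERSIONS = {"0.69.4", "0.69.5", "0.69.6"}

# `uses: owner/repo[/subpath]@ref` lines in a workflow file.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@(\S+)")
# Image references; registry/namespace names are an assumption, not from the advisory.
IMAGE_RE = re.compile(r"(?:ghcr\.io/)?(?:aquasec|aquasecurity)/trivy:v?(\d+\.\d+\.\d+)")
# A full 40-hex commit SHA is the only immutable reference form.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line_no: int
    kind: str      # "mutable-ref" or "malicious-image"
    detail: str


def is_sha_pinned(ref):
    """True only for a full commit SHA; tags and branches can be re-pointed."""
    return bool(SHA_RE.match(ref))


def scan_workflow(text):
    """Return findings for every affected action used by mutable ref and every
    Trivy image at a version the advisory names as malicious.

    Mutable references are reported regardless of version: even a tag believed
    safe today (such as the remediation version) can be force-pushed later,
    which is exactly what happened to 76 of 77 trivy-action tags."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            repo, ref = m.group(1), m.group(2)
            if repo in AFFECTED_ACTIONS and not is_sha_pinned(ref):
                findings.append(Finding(line_no, "mutable-ref", f"{repo}@{ref}"))
        for im in IMAGE_RE.finditer(line):
            if im.group(1) in MALICIOUS_TRIVY_VERSIONS:
                findings.append(Finding(line_no, "malicious-image", im.group(0)))
    return findings


# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    container: aquasec/trivy:0.69.5
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v1
      - uses: aquasecurity/trivy-action@0.35.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
"""


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Run against the sample, the scanner reports the `0.69.5` container image and the two tag-based references, while the SHA-pinned step on the last line passes. The `0.35.0` reference is reported even though the advisory treats that version as safe: the remediation is to pin that release's commit SHA, not its tag, because the tag itself remains writable by whoever holds repository credentials.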