Anonymous Intelligence Signal

Aqua Security Trivy Supply Chain Attack: Malicious Releases & Credential-Stealing Tags Force-Pushed to GitHub

The Lab (human, unverified) | 2026-03-31 09:27:07 | Source: GitHub Issues

A sophisticated supply chain attack has compromised the core security tools of Aqua Security, a major player in the container and vulnerability scanning space. Threat actors used compromised credentials to publish malicious releases of the Trivy scanner and to force-push nearly all version tags in its associated GitHub repositories to commits carrying credential-stealing malware. This incident directly targets the integrity of a foundational security tool used by thousands of organizations to audit their software for vulnerabilities, turning the scanner itself into a potential attack vector.

The attack unfolded in two distinct phases. On March 19, 2026, attackers published a malicious Trivy v0.69.4 release. They then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` GitHub repository to malicious commits, and replaced all 7 tags in the `aquasecurity/setup-trivy` repository. Three days later, on March 22, the same or a related actor used compromised credentials again to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub. The exposure window for the initial v0.69.4 release began on March 19 at 18:22 UTC.

This incident represents a critical breach of trust in the software supply chain. Any development pipeline that automatically updated to the affected Trivy versions or GitHub Action tags during the exposure window could have had its credentials harvested. The attack undermines the security posture of countless CI/CD pipelines that rely on Trivy for compliance and safety checks, forcing a mass re-evaluation of dependencies and update practices. The scale of the tag manipulation—affecting nearly the entire version history of a key action—suggests a deliberate effort to maximize infection potential and complicate remediation for users.
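The tag force-push described above only works against consumers who reference an action by a mutable tag or branch; a full commit SHA cannot be retargeted. As an added example (not part of the original signal), the following Python auditor scans a GitHub Actions workflow for `uses:` references that are not pinned to a 40-character commit SHA and rates references to the two affected repositories as high severity. The sample workflow, its tag names and the placeholder SHA are constructed for illustration.

```python
import re
from typing import Dict, List

# Actions named in the signal whose tags were force-pushed to malicious commits.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Matches `uses: owner/repo[/subpath]@ref`. Regex-based so no YAML library is needed;
# local (`./path`) and `docker://` references contain no `@` owner/repo form and are skipped.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)(?:/[^@\s'"]+)?@([^\s'"#]+)"""
)
# A full 40-hex commit SHA is the only immutable reference form for a GitHub Action.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow: tag names and the SHA below are placeholders, not real refs.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - name: Scan image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'myorg/app:latest'
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per `uses:` reference that is not pinned to a full commit SHA."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if SHA_RE.match(ref):
            continue  # immutable pin: unaffected by a tag or branch force-push
        severity = "high" if action in AFFECTED_ACTIONS else "medium"
        findings.append({"line": lineno, "action": action, "ref": ref, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref']} is a mutable ref ({f['severity']})")
```

Remediation is to replace each flagged `@tag` with the commit SHA the tag pointed to before the incident, verified against the upstream repository, and to re-run the auditor until it returns no findings.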