Anonymous Intelligence Signal

Aqua Security Trivy Supply Chain Attack: GitHub Actions, DockerHub Images Compromised

Author: The Lab (human, unverified) | Published: 2026-03-31 17:27:24 | Source: GitHub Issues

A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, injecting credential-stealing malware into official GitHub Actions and DockerHub images. The attack, executed by a threat actor using compromised credentials, directly targeted the integrity of the Trivy vulnerability scanner—a tool trusted by developers to secure their own software. This incident represents a critical breach of trust in a foundational security utility, turning a defensive tool into a potential attack vector.

The attack unfolded in two distinct phases. On March 19, 2026, the actor published a malicious Trivy v0.69.4 release. They then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` GitHub repository to point to malicious commits, effectively poisoning the version history. Simultaneously, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced. Three days later, on March 22, the same actor used compromised credentials to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub, extending the attack surface from CI/CD pipelines to container deployments.

The exposure window for the initial malicious `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC. This incident places immense pressure on organizations that automatically pull the latest Trivy versions, as their CI/CD pipelines and container builds may have silently executed malicious code. The breach underscores the extreme risk when the credentials for maintaining critical open-source security infrastructure are compromised, enabling an attacker to weaponize the software supply chain from within.
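The tag force-push described above only works against pipelines that reference `aquasecurity/trivy-action` or `aquasecurity/setup-trivy` by a mutable tag or branch; a full commit SHA is not affected by a rewritten tag. The following audit script is an added example, not code from the Trivy project or from this report, that walks a GitHub Actions workflow and flags every `uses:` reference that is not pinned to a 40-character commit SHA, escalating references to the two repositories named in the incident. The workflow text and its version tags are constructed sample input.

```python
import re

# Repositories whose version tags were force-pushed in the incident.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo[/subpath]@ref" (quoted or unquoted) in a step.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"]+)"
)


def classify_ref(ref: str) -> str:
    """Return 'sha' for a full commit hash, otherwise 'mutable' (tag/branch)."""
    return "sha" if SHA_RE.match(ref) else "mutable"


def audit_workflow(text: str) -> list[dict]:
    """Return one finding per mutable action reference, with line number and severity."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a remote action reference (e.g. local ./action)
        repo, ref = m.group(1), m.group(2)
        if classify_ref(ref) == "sha":
            continue  # pinned; still cross-check the SHA against the vendor advisory
        severity = "high" if repo in AFFECTED_ACTIONS else "medium"
        reason = ("mutable ref to a repository whose tags were rewritten"
                  if severity == "high" else "mutable ref; pin to a full commit SHA")
        findings.append({"line": lineno, "repo": repo, "ref": ref,
                         "severity": severity, "reason": reason})
    return findings


# Constructed sample workflow (version tags are illustrative, not from the report).
SAMPLE_WORKFLOW = """\
name: scan
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.3
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: [{f['severity']}] {f['repo']}@{f['ref']} - {f['reason']}")
```

Run it over every `.github/workflows/*.yml` in a repository; a SHA pin prevents a rewritten tag from changing what the pipeline executes, but the pinned commit itself should still be compared against the list of clean commits in the vendor's advisory.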