Aqua Security Trivy Supply Chain Attack: Malicious Releases & Tags Force-Pushed via Compromised Credentials
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite dozens of version tags with credential-stealing malware. The attack targeted the official `aquasecurity/trivy-action` GitHub Action and the `aquasecurity/setup-trivy` tool, critical components used by thousands of organizations to scan container images for vulnerabilities. The malicious activity began on March 19, 2026, when the actor published a rogue Trivy v0.69.4 release and force-pushed 76 out of 77 version tags in the `trivy-action` repository to malicious commits. Simultaneously, all 7 tags in the `setup-trivy` repository were replaced.
The scope of the compromise widened on March 22, 2026, when the same threat actor, again using compromised credentials, published malicious Trivy v0.69.5 and v0.69.6 images to DockerHub. This multi-vector attack—spanning GitHub releases, Git tags, and container registries—represents a severe breach of trust in a foundational security scanning tool. The exposure window for the initial malicious `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC, creating a critical risk period for any downstream users or automated pipelines that pulled these tainted versions.
This incident triggers immediate and widespread scrutiny of software supply chain security, particularly for tools positioned as defenders of the software lifecycle. Organizations that rely on Trivy for CI/CD security scanning now face the urgent task of auditing their pipelines, checking for any pulls of the compromised versions (v0.69.4, v0.69.5, v0.69.6), and rotating any credentials that may have been exposed to the malware. The attack underscores the catastrophic consequences when the credentials for maintaining a security tool itself are compromised, turning a trusted scanner into a potent vector for credential theft and further intrusion.
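To illustrate the pipeline audit described above, the following added example (not code from the article or from Aqua Security) scans GitHub workflow and Dockerfile text for the repositories and versions the article names, flagging any use of those actions that is pinned to a mutable tag rather than a full commit SHA, since a tag can be force-pushed but a full SHA cannot. It assumes the DockerHub repository name `aquasec/trivy` and the actions' `version` input; the sample inputs and the 40-hex SHA are constructed.

```python
import re

# Versions the article names as malicious (releases and DockerHub images).
COMPROMISED_VERSIONS = {"0.69.4", "0.69.5", "0.69.6"}
# Repositories whose tags were force-pushed to malicious commits, per the article.
TAG_COMPROMISED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

USES_RE = re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
# Assumed: the Trivy DockerHub repository is aquasec/trivy; the actions take a `version` input.
IMAGE_RE = re.compile(r"(?:image:|FROM)\s*(aquasec/trivy):(\S+)")
VERSION_RE = re.compile(r"version:\s*v?(\d+\.\d+\.\d+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_text(text):
    """Return (line_no, finding_type, detail) for every risky reference in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.search(line)
        if m:
            repo, ref = m.groups()
            # A tag or branch can be force-pushed; only a full commit SHA is immutable.
            if repo in TAG_COMPROMISED_ACTIONS and not FULL_SHA_RE.match(ref):
                findings.append((line_no, "mutable-ref", f"{repo}@{ref}"))
        m = IMAGE_RE.search(line)
        if m and m.group(2).lstrip("v") in COMPROMISED_VERSIONS:
            findings.append((line_no, "compromised-version", f"{m.group(1)}:{m.group(2)}"))
        m = VERSION_RE.search(line)
        if m and m.group(1) in COMPROMISED_VERSIONS:
            findings.append((line_no, "compromised-version", f"version {m.group(1)}"))
    return findings


# Constructed sample inputs; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.2
        with:
          version: v0.69.4
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""
SAMPLE_DOCKERFILE = "FROM aquasec/trivy:0.69.5 AS scanner\n"

if __name__ == "__main__":
    for name, text in (("workflow.yml", SAMPLE_WORKFLOW), ("Dockerfile", SAMPLE_DOCKERFILE)):
        for line_no, kind, detail in audit_text(text):
            print(f"{name}:{line_no}: {kind}: {detail}")
```

Run it over every `.github/workflows/*.yml` and Dockerfile in a repository; a SHA-pinned reference to either action is not flagged, because it cannot be redirected by a tag force-push.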