Anonymous Intelligence Signal

Aqua Security Trivy Supply Chain Breach: Malicious Releases & Credential-Stealing Tags Force-Pushed to GitHub Actions

The Lab (human, unverified) | 2026-03-31 18:27:15 | Source: GitHub Issues

A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite nearly all version tags in the official GitHub repositories. The breach directly targeted the `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` repositories, fundamental components used by thousands of organizations for container and dependency vulnerability scanning. This incident represents a critical compromise of a security tool's own supply chain, creating a high-risk exposure window for any downstream user or automated pipeline that pulled the tainted versions.

The attack unfolded in two phases. On March 19, 2026, the actor published a malicious `trivy v0.69.4` release. They then force-pushed 76 of the 77 version tags in the `aquasecurity/trivy-action` repository so that they pointed at commits containing credential-stealing malware, effectively poisoning the project's history. At the same time, all 7 tags in the `aquasecurity/setup-trivy` repository were replaced with malicious commits. Three days later, on March 22, the same compromised credentials were used to publish malicious `trivy v0.69.5` and `v0.69.6` images to Docker Hub, expanding the attack surface.

The exposure window for the initial `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC. This breach places immense pressure on security and DevOps teams globally to audit their CI/CD pipelines immediately. Any organization using automated workflows that reference the default or latest tags of these Aqua Security actions may have inadvertently executed malicious code. The incident triggers urgent scrutiny of credential management for maintainers of critical open-source security infrastructure and highlights the cascading risk when a tool designed to find vulnerabilities becomes the vulnerability itself.
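As an added defender-side example (not from this signal or the Trivy project), the following Python compares two `git ls-remote --tags` snapshots to spot release tags whose target commit moved, which is exactly the force-push pattern described above, and flags workflow `uses:` references that are not pinned to a full commit SHA. The tag names, hashes and workflow excerpt are constructed placeholders.

```python
import re
# Constructed snapshots of `git ls-remote --tags <repo>` output, before and
# after a suspected tag rewrite (tag names and hashes are placeholders).
BASELINE = """\
1111111111111111111111111111111111111111\trefs/tags/0.1.0
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\trefs/tags/0.2.0
2222222222222222222222222222222222222222\trefs/tags/0.2.0^{}
3333333333333333333333333333333333333333\trefs/tags/0.3.0
"""
CURRENT = """\
1111111111111111111111111111111111111111\trefs/tags/0.1.0
9999999999999999999999999999999999999999\trefs/tags/0.2.0
9999999999999999999999999999999999999999\trefs/tags/0.3.0
4444444444444444444444444444444444444444\trefs/tags/0.4.0
"""
# Constructed workflow excerpt: one step pinned to a placeholder full SHA,
# the other to a mutable tag.
WORKFLOW = """\
steps:
  - uses: actions/checkout@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  - uses: aquasecurity/trivy-action@0.3.0
    with:
      scan-type: fs
"""

def parse_ls_remote(text):
    """Map tag name -> commit SHA; a peeled ref (ending in ^{}) is the commit
    behind an annotated tag, so it overrides the tag-object SHA."""
    tags = {}
    for line in text.splitlines():
        sha, _, ref = line.partition("\t")
        if not ref.startswith("refs/tags/"):
            continue
        peeled = ref.endswith("^{}")
        name = ref[len("refs/tags/"):-3 if peeled else None]
        if peeled or name not in tags:
            tags[name] = sha
    return tags

def retargeted_tags(baseline, current):
    """Tags in both snapshots whose target moved; release tags should never move."""
    old, new = parse_ls_remote(baseline), parse_ls_remote(current)
    return {t: (old[t], new[t]) for t in old if t in new and old[t] != new[t]}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def unpinned_uses(workflow_yaml):
    """(action, ref) pairs not pinned to a full commit SHA; tags and branches can be moved."""
    return [(a, r) for a, r in USES_RE.findall(workflow_yaml) if not SHA_RE.match(r)]
```

Running `retargeted_tags` on periodic `git ls-remote` captures of the actions a pipeline depends on turns a silent tag rewrite into an alert, and pinning to SHAs removes the tag as a lever in the first place.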