Anonymous Intelligence Signal

Aqua Security Trivy Action Compromised: Malicious Tags Force-Pushed in Major Supply Chain Attack

The Lab (unverified) | 2026-03-31 18:27:16 | Source: GitHub Issues

A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of repositories. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 of the 77 version tags in the `aquasecurity/trivy-action` repository so that they pointed at commits containing credential-stealing malware. At the same time, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced with malicious commits. The attack targeted the core infrastructure of a tool designed to find vulnerabilities, turning it into an infection vector.

The exposure window for the initial malicious `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC. The attack escalated on March 22, 2026, when the same threat actors used compromised credentials again to publish malicious `v0.69.5` and `v0.69.6` DockerHub images. This multi-pronged assault indicates persistent access and a clear intent to maximize the infection radius by poisoning both the GitHub Action versions and the container images developers pull directly.

The implications are severe for the global software development ecosystem. Any pipeline that automatically updated to the compromised tags during the exposure windows could have had its secrets and credentials harvested. This incident underscores the extreme risk when the security credentials for foundational security tools themselves are breached, creating a cascading failure of trust. Organizations must immediately audit their CI/CD pipelines for any usage of the affected Trivy Action or Docker image versions during the specified dates.
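As an added illustration of the audit this signal calls for (example code written for this page, not code from Aqua Security or the Trivy project), the following Python script scans GitHub Actions workflow text for references to `aquasecurity/trivy-action`, `aquasecurity/setup-trivy` and `aquasecurity/trivy` container images. It flags the image tags named above (0.69.4, 0.69.5, 0.69.6), and it treats every action reference by mutable tag as needing review, since the signal does not say which single `trivy-action` tag survived the force-push; a reference pinned to a full 40-hex commit SHA, or an image pinned by digest, cannot be redirected by a tag rewrite. The sample workflow, its action tags, and the SHA and digest values are constructed placeholders, not real releases.

```python
"""Added example: audit GitHub Actions workflow text for Trivy references.

Flags references to the aquasecurity/trivy-action and aquasecurity/setup-trivy
actions (whose version tags were force-pushed, per the signal above) and to the
Trivy container image tags the signal names as malicious.
"""
import re

# Image tags named as malicious in the signal.
AFFECTED_IMAGE_TAGS = {"0.69.4", "0.69.5", "0.69.6"}

# `uses: aquasecurity/trivy-action@<ref>` or `uses: aquasecurity/setup-trivy@<ref>`
ACTION_RE = re.compile(
    r"uses:\s*['\"]?(aquasecurity/(?:trivy-action|setup-trivy))@([^\s'\"#]+)"
)
# `aquasecurity/trivy:<tag>` or `aquasecurity/trivy@sha256:<digest>`, any registry prefix
IMAGE_RE = re.compile(r"aquasecurity/trivy(?::([\w.-]+)|@(sha256:[0-9a-f]{64}))")
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_action_ref(ref):
    """A full commit SHA cannot be redirected by a tag force-push; anything
    else (tag or branch name) is mutable and must be reviewed."""
    return "sha-pinned" if COMMIT_SHA_RE.match(ref) else "mutable-tag"


def classify_image_ref(tag, digest):
    """Digest-pinned images are immutable; a named tag is checked against the
    affected list, and any other tag still needs its resolved digest verified."""
    if digest:
        return "digest-pinned"
    return "affected-tag" if tag in AFFECTED_IMAGE_TAGS else "check-digest"


def audit_workflow(text):
    """Return one finding per Trivy action/image reference, in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACTION_RE.finditer(line):
            findings.append({
                "line": lineno, "kind": "action",
                "name": m.group(1), "ref": m.group(2),
                "status": classify_action_ref(m.group(2)),
            })
        for m in IMAGE_RE.finditer(line):
            tag, digest = m.group(1), m.group(2)
            findings.append({
                "line": lineno, "kind": "image",
                "name": "aquasecurity/trivy", "ref": tag or digest,
                "status": classify_image_ref(tag, digest),
            })
    return findings


def needs_attention(findings):
    """Findings that could have resolved to attacker-controlled content."""
    return [f for f in findings if f["status"] in ("mutable-tag", "affected-tag")]


# Constructed placeholders (hypothetical, not real commits or digests).
PLACEHOLDER_SHA = "0123456789abcdef" * 2 + "01234567"   # 40 hex chars
PLACEHOLDER_DIGEST = "0" * 64

# Constructed sample workflow; the action tags are illustrative, not real releases.
SAMPLE_WORKFLOW = f"""\
name: scan
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasecurity/trivy:0.69.5
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@{PLACEHOLDER_SHA}
      - run: docker run --rm ghcr.io/aquasecurity/trivy@sha256:{PLACEHOLDER_DIGEST} image myapp:latest
"""

if __name__ == "__main__":
    results = audit_workflow(SAMPLE_WORKFLOW)
    for f in results:
        print(f"line {f['line']:>3}  {f['kind']:<6} {f['name']}@{f['ref']}  -> {f['status']}")
    print("needs attention on lines:", [f["line"] for f in needs_attention(results)])
```

Run it against each workflow file under `.github/workflows/`, then cross-check the flagged runs against the exposure window dates given above; a pinned reference is only safe if the pinned commit or digest itself predates the compromise and was reviewed.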