Anonymous Intelligence Signal

GitHub Action Compromised: Malicious Trivy v0.69.4 Release and Tag Hijack Exposed

human The Lab unverified 2026-03-31 19:27:16 Source: GitHub Issues

A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and force-pushed 76 of the 77 version tags in the `aquasecurity/trivy-action` repository so that they pointed at commits carrying credential-stealing malware. Simultaneously, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced with malicious commits. This attack directly targeted the core infrastructure developers rely on for container and dependency vulnerability scanning.

The attack vector exploited compromised maintainer credentials, allowing the actor to manipulate official release artifacts and version tags, the very components automated workflows trust. Because tags are mutable references, a workflow that pins an action by tag resolves to whatever commit the tag currently points at, not to the commit it pointed at when the pin was written. The malicious tags were live for an undisclosed exposure window, potentially injecting malware into any CI/CD pipeline that resolved one of the rewritten tags during that window, whether through a floating major-version tag or a pin to a specific affected version. The scale is significant, impacting nearly the entire version history of the primary `trivy-action`.

The incident reveals a severe weakness in the security of automated tooling ecosystems. Any organization using Trivy's GitHub Actions during the exposure period must immediately audit their pipelines for signs of compromise. This event will prompt intense scrutiny of credential management for high-value open-source projects and could lead to broader mandates for cryptographic signing of GitHub Actions releases. The fallout pressures maintainers across the ecosystem to harden release processes against similar takeover attacks.
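The pipeline audit called for above starts with an inventory of how each workflow references the affected actions: a tag pin must be treated as having resolved to attacker-controlled content during the exposure window, while a full commit SHA pin can only be cleared by comparing it against the repository's known-good commits. The script below is an added example written for this note, not code from Aqua Security or from the advisory; it scans GitHub Actions workflow text with a dependency-free regex, classifies every `uses:` reference as a SHA pin or a mutable (tag or branch) pin, and reports which ones touch the two repositories named in the article. The sample workflow, its version numbers and the 40-character hash in it are constructed for the demonstration, and the `AFFECTED_ACTIONS` set is the only input taken from the article.

```python
import re
import sys
from typing import Dict, List, NamedTuple

# Added audit helper (not from the advisory). Finds `uses:` references in
# GitHub Actions workflow YAML and flags those that depend on a mutable ref
# (tag or branch) of the actions whose tags the article reports as rewritten.

# The two repositories named in the article as having had their tags hijacked.
AFFECTED_ACTIONS = {
    "aquasecurity/trivy-action",
    "aquasecurity/setup-trivy",
}

# Matches `uses: owner/repo[/subpath]@ref`. Local (`./...`) and `docker://`
# references have no `owner/repo@ref` shape and are deliberately not matched.
_USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[\w.-]+/[\w.-]+)(?:/[\w./-]*)?@(?P<ref>[^\s'\"#]+)",
    re.MULTILINE,
)
# A full 40-hex-digit commit hash is the only immutable pin GitHub Actions offers.
_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")


class ActionRef(NamedTuple):
    action: str  # owner/repo
    ref: str     # text after '@'
    kind: str    # "sha" for a full commit hash, otherwise "mutable"


def find_action_refs(workflow_text: str) -> List[ActionRef]:
    """Return every remote action reference in the workflow, in file order."""
    refs = []
    for m in _USES_RE.finditer(workflow_text):
        ref = m.group("ref")
        kind = "sha" if _SHA_RE.match(ref) else "mutable"
        refs.append(ActionRef(m.group("action"), ref, kind))
    return refs


def audit_workflow(workflow_text: str) -> Dict[str, List[ActionRef]]:
    """Bucket references by the follow-up they need.

    mutable_affected: affected action pinned by tag/branch; assume it resolved
                      to the malicious commit during the exposure window.
    sha_affected:     affected action pinned by SHA; verify the hash against the
                      repository's known-good commits (not listed in the article).
    other_mutable:    any other tag/branch pin; general hygiene finding only.
    """
    report: Dict[str, List[ActionRef]] = {
        "mutable_affected": [], "sha_affected": [], "other_mutable": []
    }
    for r in find_action_refs(workflow_text):
        if r.action in AFFECTED_ACTIONS:
            bucket = "mutable_affected" if r.kind == "mutable" else "sha_affected"
            report[bucket].append(r)
        elif r.kind == "mutable":
            report["other_mutable"].append(r)
    return report


# Constructed sample workflow: the version tags and the commit hash are made up.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
      - name: Setup Trivy (tag pin, constructed version)
        uses: aquasecurity/setup-trivy@v0.99.0
      - name: Run Trivy (tag pin, constructed version)
        uses: aquasecurity/trivy-action@0.99.0
      - name: Run Trivy (SHA pin, constructed hash)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""


def main(paths: List[str]) -> None:
    """Audit the given workflow files, or the embedded sample when none are given."""
    sources = [(p, open(p, encoding="utf-8").read()) for p in paths] or [
        ("<sample>", SAMPLE_WORKFLOW)
    ]
    for name, text in sources:
        report = audit_workflow(text)
        print(f"== {name}")
        for bucket, refs in report.items():
            for r in refs:
                print(f"  {bucket:17} {r.action}@{r.ref}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with no arguments to see the classification of the embedded sample, or pass one or more `.github/workflows/*.yml` paths to audit a real repository. The `sha_affected` bucket is intentionally not marked clean: a SHA pin only proves which commit ran, so each hash still has to be matched against the known-good history of the action, which this article does not enumerate.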