Anonymous Intelligence Signal

Aqua Security Trivy Supply Chain Attack: Malicious Releases & Credential-Stealing Tags Deployed

The Lab (unverified), 2026-04-02 05:26:58. Source: GitHub Issues

A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project. Threat actors, using compromised credentials, successfully published malicious software releases and overwrote dozens of version tags with credential-stealing malware, directly targeting the software supply chain of a major security scanner. The attack created a critical exposure window where users pulling the affected versions were at risk of infection.

The incident unfolded in two distinct phases. On March 19, 2026, an actor published a malicious Trivy v0.69.4 release. Simultaneously, they force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` GitHub repository to malicious commits. All 7 tags in the related `aquasecurity/setup-trivy` repository were also replaced. Three days later, on March 22, the same or a related actor used compromised credentials again to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub.
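Because the tag overwrite described above only affects pipelines that reference the actions or images by a mutable name, a practical defensive check is to audit workflow files for references that are not pinned to an immutable commit SHA or image digest. The script below is an added example, not code from the page or from the Trivy project; the workflow text, the commit SHA in it and the regex-based parsing are constructed for illustration.

```python
import re

# Constructed sample workflow for this example; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasecurity/trivy:0.69.5
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.2
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

# Repositories whose version tags the report says were force-pushed to malicious commits.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}
# Trivy versions the report names as maliciously published (v0.69.4 release, v0.69.5/6 images).
MALICIOUS_VERSIONS = {"0.69.4", "0.69.5", "0.69.6"}

USES_RE = re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
IMAGE_RE = re.compile(r"image:\s*aquasecurity/trivy:(\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (kind, reference) findings for the contents of one workflow file.

    A tag or branch name can be moved after the fact, which is what the attack
    exploited; a full 40-hex commit SHA or an image digest cannot be moved.
    """
    findings = []
    for action, ref in USES_RE.findall(text):
        if action in AFFECTED_ACTIONS and not FULL_SHA_RE.match(ref):
            findings.append(("mutable-action-ref", f"{action}@{ref}"))
    for ref in IMAGE_RE.findall(text):
        tag, _, digest = ref.partition("@")
        if tag.lstrip("v") in MALICIOUS_VERSIONS:
            findings.append(("known-malicious-version", f"aquasecurity/trivy:{ref}"))
        elif not digest.startswith("sha256:"):
            findings.append(("mutable-image-tag", f"aquasecurity/trivy:{ref}"))
    return findings


if __name__ == "__main__":
    for kind, ref in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{kind}: {ref}")
```

The check is intentionally simple: it treats any non-SHA ref to the two affected action repositories as mutable, and any `aquasecurity/trivy` image without a `@sha256:` digest as mutable, flagging the versions the report names separately.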

This attack represents a direct assault on the integrity of a foundational security tool used for vulnerability scanning. The compromise of both GitHub release tags and official container images creates a cascading risk for development pipelines and CI/CD systems that rely on automated updates, since any job referencing a mutable tag would pull the attacker's commit or image without any change on the consumer's side. The incident prompts immediate scrutiny of credential management and release processes for critical open-source security infrastructure, raising urgent questions about the resilience of the software supply chain against credential-based attacks.