Aqua Security Trivy GitHub Action Compromised: Malicious Tags Force-Pushed in Credential Attack
A threat actor has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, force-pushing malicious code to dozens of version tags. The attack, which began on March 19, 2026, involved the use of stolen credentials to publish a malicious Trivy v0.69.4 release and to overwrite 76 out of 77 version tags in the `aquasecurity/trivy-action` repository with credential-stealing malware. Simultaneously, all 7 tags in the related `aquasecurity/setup-trivy` repository were replaced with malicious commits. The attack escalated on March 22, 2026, when the same actor used compromised credentials to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub.
The compromise represents a severe supply chain attack targeting a critical security tool widely used for scanning container images and infrastructure as code for vulnerabilities. The malicious tags were active for an undisclosed period, creating a significant exposure window for any projects or CI/CD pipelines that automatically pulled these specific versions. The advisory, tracked as CVE-2026-33634, indicates the primary vector was credential compromise, not a direct code vulnerability, highlighting a critical failure in access control for a security-focused organization.
The incident places immense pressure on Aqua Security's operational security and trust model. Organizations that rely on Trivy for security compliance must now urgently audit their dependency versions and CI/CD configurations. The forced update to version 0.35.0 of the GitHub Action, as seen in the source pull request, is a direct remediation step. This breach signals that even the tools trusted to secure the software supply chain are themselves vulnerable to takeover, raising fundamental questions about the integrity of automated security scanning within development pipelines.
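As an added example (not code from Aqua Security or from the article), the audit the paragraph above calls for can be mechanised: scan GitHub Actions workflow text for references to the two repositories the article names as overwritten, report any that are pinned to a mutable tag or branch rather than a full commit SHA (a SHA pin is unaffected by a force-pushed tag), and flag Trivy container image tags matching the versions the article names as malicious. The `uses: owner/repo@ref` and `aquasecurity/trivy:<tag>` syntaxes are assumed; the sample workflow is constructed, and the version set comes only from the article.

```python
"""Audit GitHub Actions workflow text for risky Trivy references.

Added example; not Aqua Security's code. Assumptions: standard
`uses: owner/repo@ref` step syntax and Docker image references of the
form `aquasecurity/trivy:<tag>[@sha256:<digest>]`.
"""
import re

# Repositories the article says had their tags overwritten.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}
# Trivy versions the article names as malicious (v0.69.4 release,
# v0.69.5 and v0.69.6 Docker Hub images).
MALICIOUS_TRIVY_VERSIONS = {"0.69.4", "0.69.5", "0.69.6"}
# trivy-action version the article names as the remediation.
REMEDIATED_ACTION_VERSION = "0.35.0"

USES_RE = re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
IMAGE_RE = re.compile(r"aquasecurity/trivy:([\w.-]+)(@sha256:[0-9a-f]{64})?")


def audit_workflow(text):
    """Return a list of (line_no, severity, message) findings for `text`."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.search(line)
        if m:
            repo, ref = m.group(1), m.group(2)
            if repo in AFFECTED_ACTIONS and not re.fullmatch(r"[0-9a-f]{40}", ref):
                # A tag or branch ref can be rewritten upstream; a full SHA cannot.
                if ref.lstrip("v") == REMEDIATED_ACTION_VERSION:
                    findings.append((n, "medium",
                        f"{repo}@{ref} is the remediated version but still a mutable tag; "
                        "pin to a full commit SHA"))
                else:
                    findings.append((n, "high",
                        f"{repo}@{ref} is a mutable tag/branch; tags in this repository "
                        "were force-pushed, pin to a full commit SHA"))
        for m in IMAGE_RE.finditer(line):
            tag, digest = m.group(1), m.group(2)
            if tag.lstrip("v") in MALICIOUS_TRIVY_VERSIONS:
                # Even a digest pin does not help if the pinned image is the bad one.
                findings.append((n, "critical",
                    f"aquasecurity/trivy:{tag} is a version named as malicious; remove it"))
            elif digest is None:
                findings.append((n, "medium",
                    f"aquasecurity/trivy:{tag} has no @sha256 digest; pin the image digest"))
    return findings


# Constructed sample workflow; the versions here are illustrative only.
SAMPLE_WORKFLOW = """\
name: scan
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - run: docker run --rm aquasecurity/trivy:0.69.5 image alpine:3.19
      - run: docker run --rm aquasecurity/trivy:0.68.0 image alpine:3.19
"""

if __name__ == "__main__":
    for line_no, severity, message in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: [{severity}] {message}")
```

Run it over each `.github/workflows/*.yml` in a repository; only the SHA-pinned step on the sample's tenth line produces no finding, which is the shape every Trivy reference should have once the audit is complete.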