Aqua Security Trivy Supply Chain Attack: Malicious Releases & Credential-Stealing Tags Force-Pushed to GitHub Actions
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project: a threat actor used stolen credentials to publish malicious software releases and to force-push dozens of version tags so that they pointed at credential-stealing malware. The attack targeted the `aquasecurity/trivy-action` GitHub Action and the `aquasecurity/setup-trivy` tool, critical components used by thousands of organizations for container and dependency vulnerability scanning. The incident is a direct assault on the integrity of a foundational security scanner, turning a trusted defense tool into a potential attack vector.
The attack unfolded in two distinct phases. On March 19, 2026, the actor published a malicious Trivy v0.69.4 release and executed a sweeping tag manipulation campaign. They force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository to malicious commits designed to steal credentials. Simultaneously, all 7 tags in the `aquasecurity/setup-trivy` repository were replaced with malicious code. Three days later, on March 22, the same or a related actor used compromised credentials again to publish malicious Trivy v0.69.5 and v0.69.6 images to DockerHub, expanding the attack surface.
The exposure window for the initial malicious `trivy v0.69.4` release began on March 19, 2026, at 18:22 UTC. The incident places immense pressure on the open-source security ecosystem, demonstrating how compromised maintainer credentials can be weaponized to corrupt an entire version history. Organizations that automatically pulled the latest tags, or that used the affected versions during the exposure window, are at direct risk of credential theft and further compromise, forcing urgent audits of CI/CD pipelines and dependency pinning practices.
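The tag manipulation described above works because a `uses: owner/action@tag` reference is mutable: whoever can force-push the tag decides what the workflow runs. Two defender checks follow as an added example (not code from the article, Aqua Security or the Trivy project): one flags workflow references that are pinned to a tag or branch instead of a full commit SHA, the other compares a recorded tag-to-commit map against current `git ls-remote --tags` output to detect tags that have been re-pointed. All workflow lines, tags, and commit hashes below are constructed placeholders.

```python
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-\s*uses:\s*([^\s#]+)", re.MULTILINE)

# Constructed workflow fragment; the 40-hex value is a placeholder, not a real commit.
WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: aquasecurity/setup-trivy@v0.2.0
  - uses: aquasecurity/trivy-action@0.28.0
  - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

# Constructed `git ls-remote --tags` output; a "^{}" line is the peeled commit
# behind an annotated tag, i.e. the commit the Actions runner would check out.
LS_REMOTE_NOW = """\
89abcdef0123456789abcdef0123456789abcdef\trefs/tags/0.29.0
1111111111111111111111111111111111111111\trefs/tags/0.28.0
deadbeefdeadbeefdeadbeefdeadbeefdeadbeef\trefs/tags/0.28.0^{}
"""

# Constructed tag -> commit map recorded when the tags were last audited.
TAGS_RECORDED = {
    "0.28.0": "0123456789abcdef0123456789abcdef01234567",
    "0.29.0": "89abcdef0123456789abcdef0123456789abcdef",
}

def find_unpinned_uses(workflow_text):
    """Return action refs whose version is a tag or branch rather than a full commit SHA."""
    return [ref for ref in USES_LINE.findall(workflow_text)
            if not FULL_SHA.match(ref.partition("@")[2])]

def parse_ls_remote(text):
    """Map tag name -> commit, letting a peeled '^{}' entry override the tag object."""
    tags = {}
    for line in text.splitlines():
        sha, _, ref = line.partition("\t")
        name = ref.removeprefix("refs/tags/")
        if name.endswith("^{}"):
            tags[name[:-3]] = sha
        elif name not in tags:
            tags[name] = sha
    return tags

def detect_moved_tags(recorded, current):
    """Return {tag: (recorded_commit, current_commit)} for tags that now point elsewhere."""
    return {t: (c, current[t]) for t, c in recorded.items()
            if t in current and current[t] != c}
```

In a real pipeline the recorded map would be written at pin time and the current one taken from `git ls-remote --tags <repo-url>`; any tag reported by `detect_moved_tags` warrants treating every run that used it since the recording as potentially exposed.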