Trivy Vulnerability Scanner: Supply Chain Attack Compromises Pipelines & Secrets

March 21, 2026 – Rachel Kim, Technology Editor

A widespread compromise of Aqua Security’s Trivy vulnerability scanner has left developers scrambling to assess potential breaches of their CI/CD pipelines, with security researchers warning that sensitive credentials may have been stolen. The attack, which hit the widely used GitHub Action for Trivy, was confirmed by Itay Shakury, VP Open Source at Aqua Security, on Friday.

The breach involved a force-push of malicious code to 75 of 76 version tags within the “aquasecurity/trivy-action” repository, effectively turning trusted software references into a distribution point for an infostealer, according to Socket security researcher Philipp Burckhardt. The compromised tags included commonly used versions such as @0.34.2, @0.33, and @0.18.0, while version @0.35.0 appears to be unaffected.

The malware, once executed within GitHub Actions runners, is designed to extract a wide range of sensitive data from CI/CD environments. This includes SSH keys, credentials for cloud service providers, database access information, Git credentials, Docker configurations, Kubernetes tokens, and even cryptocurrency wallet data, Socket reported.

Shakury advised users who suspect they may have run a compromised version of Trivy to immediately treat all pipeline secrets as compromised and initiate a rotation of those credentials. “Assume your pipelines are compromised,” he wrote.
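Because the attack worked by moving existing version tags rather than publishing a new release, a workflow that references trivy-action by tag would have pulled the malicious code without any change on the consumer's side. The following is an added audit script, not code from Aqua Security, Socket or this article: it scans a workflow file for `uses:` references to the action, reports whether each is pinned to an immutable full commit SHA or to a mutable tag, and decides whether the secret rotation Shakury recommends is warranted. The sample workflow, the action name and the list of tags treated as reported-unaffected are assumptions taken from the text above.

```python
import re

# Constructed sample workflow; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.34.2
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@abcdef0123456789abcdef0123456789abcdef01
"""

# Matches "uses: owner/repo[/subpath]@ref" on its own line (quoted forms not handled).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@(\S+)", re.M)
# A full 40-hex commit SHA cannot be redirected by a tag force-push.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, action="aquasecurity/trivy-action",
                   reported_unaffected=("0.35.0",)):
    """Return [(ref, status)] for every reference to `action` in a workflow.

    status is one of:
      'sha-pinned'           immutable commit SHA; a moved tag cannot affect it
      'reported-unaffected'  a tag the article reports as clean, but still mutable
      'mutable-tag'          a tag or branch that a force-push can silently replace
    """
    findings = []
    for match in USES_RE.finditer(text):
        name, ref = match.group(1), match.group(2)
        if name != action:
            continue
        if FULL_SHA_RE.match(ref):
            status = "sha-pinned"
        elif ref in reported_unaffected:
            status = "reported-unaffected"
        else:
            status = "mutable-tag"
        findings.append((ref, status))
    return findings


def rotation_warranted(findings):
    """True if any run could have used a tag within the compromised set."""
    return any(status == "mutable-tag" for _, status in findings)
```

Any `mutable-tag` hit means the pipeline's secrets should be treated as exposed and rotated; even the `reported-unaffected` and `sha-pinned` references are best converted to, or kept at, a full commit SHA so a future tag move cannot change what runs.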

This incident marks the second time Trivy has been targeted in a supply chain attack within the past month. Late February and early March saw an autonomous bot, dubbed hackerbot-claw, exploit a workflow vulnerability to steal a Personal Access Token (PAT) and gain control of the GitHub repository. The attacker subsequently deleted release versions and pushed malicious versions of a Visual Studio Code extension to Open VSX, as reported by Wiz.

The initial compromise was flagged by security researcher Paul McCarty after the publication of a rogue version (0.69.4) to the “aquasecurity/trivy” GitHub repository, which was later removed. The current attack, however, appears to be more extensive, impacting a significantly larger number of version tags.

Trivy, an open-source vulnerability scanner, is popular among developers for identifying security flaws and inadvertently exposed authentication secrets within software development pipelines. The project boasts over 33,200 stars on GitHub, indicating its widespread adoption.
