Trivy Vulnerability Scanner: Supply Chain Attack Compromises Pipelines & Secrets
A widespread supply chain attack has compromised Aqua Security’s Trivy, a popular open-source vulnerability scanner used by developers to identify security flaws in software. The breach, confirmed by Trivy maintainer Itay Shakury on Friday, potentially impacts a large number of CI/CD pipelines and could expose sensitive credentials. The incident underscores the growing risks associated with software supply chain attacks and the importance of robust security practices.
How the Compromise Unfolded
The attack began early Thursday when a threat actor exploited stolen credentials to gain unauthorized access to the Trivy GitHub repository. They then “force-pushed” malicious code to all but one of the trivy-action tags and seven setup-trivy tags. A force push overrides Git’s safety mechanisms, allowing attackers to overwrite existing commits and effectively replace legitimate code with malicious versions. This allowed the attackers to inject malware into the widely used scanner.
Trivy is designed to scan Docker container images for vulnerabilities and misconfigurations, and is a critical component in many DevOps workflows. With over 33,200 stars on GitHub, it’s a widely adopted tool, making the scope of this compromise significant. The compromised tags include commonly used versions like @0.34.2, @0.33, and @0.18.0, while version @0.35.0 appears to be unaffected.
The Malware’s Purpose: Credential Harvesting
Security firms Socket and Wiz have analyzed the malware and determined its primary function is to steal sensitive information from CI/CD pipelines. Once executed within a compromised pipeline, the malware searches for valuable secrets, including GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and other sensitive data. This data is then encrypted and transmitted to a server controlled by the attackers. Socket details the malware’s thorough scanning of development environments.
The implications are severe: any CI/CD pipeline using a compromised version of Trivy effectively executes malicious code during each scan. This means attackers could potentially gain access to a wide range of sensitive data and systems.
Who is Affected?
The primary victims of this attack are developers and organizations that rely on Trivy within their CI/CD pipelines. This includes companies of all sizes, from startups to large enterprises, who use Trivy to automate security checks during the software development process. The breadth of Trivy’s adoption means the potential impact is substantial. The attack also affects the open-source community, as it highlights vulnerabilities in the software supply chain and the need for improved security practices.
Itay Shakury, VP Open Source at Aqua Security, emphasized the urgency of the situation, advising anyone suspecting they ran a compromised version to immediately treat all pipeline secrets as compromised and rotate them. This includes updating passwords, API keys, and other sensitive credentials.
A Second Incident for Trivy
This isn’t the first time Trivy has been targeted in recent weeks. The Hacker News reports that Trivy was previously compromised in late February and early March 2026, when an automated bot exploited a pull request workflow to steal a Personal Access Token (PAT). This PAT was then used to manipulate the GitHub repository, delete releases, and push malicious versions of Trivy’s Visual Studio Code extension to Open VSX.
Mitigation and Response
Aqua Security has been working to address the compromise and has taken steps to remove the malicious code from the Trivy repository. While, the incident serves as a stark reminder of the importance of proactive security measures. Organizations should review their CI/CD pipelines, identify any instances of compromised Trivy tags, and immediately update to a safe version. Regularly rotating credentials and implementing robust access control measures are also crucial steps in mitigating the risk.
Looking Ahead: Strengthening the Software Supply Chain
The Trivy compromise is part of a broader trend of increasing attacks targeting the software supply chain. These attacks exploit vulnerabilities in the tools and components used to build and deploy software, potentially impacting a large number of organizations. Addressing this threat requires a multi-faceted approach, including improved security practices for open-source projects, enhanced vulnerability management, and greater collaboration between security researchers and software vendors. Ars Technica highlights the wide-ranging consequences of this type of attack.
The incident will likely spur further discussion about the security of CI/CD pipelines and the need for more secure software development practices. Expect to see increased scrutiny of open-source projects and a greater emphasis on supply chain security in the coming months. Organizations should prioritize reviewing and strengthening their security posture to protect against future attacks.