
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

Why This Matters

The compromise of the Trivy vulnerability scanner highlights the growing risks in supply-chain security, especially for widely-used developer tools. This incident underscores the importance of rigorous security practices and monitoring for both organizations and consumers relying on open-source software, as attackers can exploit trusted tools to distribute malware and steal sensitive data.

Key Takeaways

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.

Trivy is a popular security scanner that helps identify vulnerabilities, misconfigurations, and exposed secrets across containers, Kubernetes environments, code repositories, and cloud infrastructure. Because developers and security teams commonly use it, it is a high-value target for attackers to steal sensitive authentication secrets.

The breach was first disclosed by security researcher Paul McCarty, who warned that Trivy version 0.69.4 had been backdoored, with malicious container images and GitHub releases published to users.

Further analysis by Socket and later by Wiz determined that the attack affected multiple GitHub Actions, compromising nearly all version tags of the trivy-action repository.

Researchers found that threat actors compromised Trivy's GitHub build process, swapping the entrypoint.sh in GitHub Actions with a malicious version and publishing trojanized binaries in the Trivy v0.69.4 release, both of which acted as infostealers across the main scanner and related GitHub Actions, including trivy-action and setup-trivy.

The attackers abused a compromised credential with write access to the repository, which allowed them to publish malicious releases. That credential dates back to an earlier breach in March, in which credentials were exfiltrated from Trivy's environment and the incident was not fully contained.

The threat actor force-pushed 75 out of 76 tags in the aquasecurity/trivy-action repository, redirecting them to malicious commits.

As a result, any external workflows using the affected tags automatically executed the malicious code before running legitimate Trivy scans, making the compromise difficult to detect.
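The reason the re-pointed tags were so effective is that a workflow line such as `uses: aquasecurity/trivy-action@<tag>` resolves the tag at run time, so whoever can move the tag controls what the job executes. A full-length commit SHA cannot be moved that way. The script below is an added example written for this article, not code from the article or from the Trivy project: it scans a workflow file for `uses:` references, flags every one that is not pinned to a 40-character commit SHA, and raises the severity when the action is one the article names as affected. The sample workflow, the version refs in it, and the watch list are constructed assumptions.

```python
import re

# Constructed sample workflow (not from the article). It mixes a branch
# name, a major-version tag, and a full-length commit SHA so the audit has
# each case to classify.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@v1
      - uses: some-org/pinned-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
"""

# Matches "uses: owner/repo@ref" whether or not the line starts a list item.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A git ref is considered immutable only when it is a full 40-hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Actions the article reports as affected; an assumption supplied as input,
# not an exhaustive list.
WATCHLIST = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}


def parse_uses(workflow_text):
    """Return (line_no, owner/repo, ref) for every remote `uses:` step."""
    found = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue  # local path or docker image: no git tag to move
        repo, _, ref = spec.partition("@")
        # Reduce "owner/repo/subdir" to "owner/repo" for watch-list lookup.
        repo = "/".join(repo.split("/")[:2])
        found.append((n, repo, ref))
    return found


def audit_workflow(workflow_text, watchlist=WATCHLIST):
    """Flag every action reference that a force-pushed tag could redirect."""
    findings = []
    for n, repo, ref in parse_uses(workflow_text):
        if SHA_RE.match(ref):
            continue  # pinned to a commit: moving a tag cannot change it
        severity = "high" if repo in watchlist else "medium"
        findings.append({
            "line": n,
            "action": f"{repo}@{ref}",
            "severity": severity,
            "reason": "mutable ref; a force-pushed tag changes what the job runs",
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['severity']:<6}  {f['action']}: {f['reason']}")
```

Run against a real `.github/workflows/*.yml` file, the output lists each step whose reference could have been redirected. The fix the audit implies is to pin to the commit SHA and record the human-readable version in a trailing comment, as the last sample step does; Dependabot-style tooling can then bump the SHA while the comment keeps the version visible in review.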

Socket reports that the infostealer collected reconnaissance data and scanned systems for a wide range of files and locations known to store credentials and authentication secrets, including:

Reconnaissance data: hostname, whoami, uname, network configuration, and environment variables
