Skip to content
Tech News
← Back to articles

Trivy under attack again: Widespread GitHub Actions tag compromise secrets

2026-03-22 | original
read original get Trivy Security Scanner → more articles
Why This Matters

The recent supply chain attack on Trivy's GitHub Actions highlights the ongoing vulnerabilities in software supply chains, emphasizing the need for vigilant security practices in CI/CD pipelines. This incident underscores the importance for developers and organizations to verify trusted versions and monitor for malicious activity to prevent widespread compromise.

Key Takeaways

A new supply chain attack targeting Trivy has been disclosed today by Paul McCarty, marking the second distinct compromise affecting the Trivy ecosystem in March.

This latest incident impacts GitHub Actions, and is separate from the earlier OpenVSX compromise involving the VS Code extension.

Initial reports have focused on the compromise of Trivy v0.69.4, with downstream ecosystems such as Homebrew already rolling back affected versions. The first known detection of suspicious activity traces back to approximately 19:15 UTC.

However, early findings indicate the scope of the attack extends beyond a single release.

At Socket, we identified that an attacker force-pushed 75 out of 76 version tags in the aquasecurity/trivy-action repository, the official GitHub Action for running Trivy vulnerability scans in CI/CD pipelines. With over 10,000 workflow files on GitHub referencing this action, the potential blast radius is significant. These tags were modified to serve a malicious payload, effectively turning trusted version references into a distribution mechanism for an infostealer. These compromised tags remain active at the time of writing.

Any CI/CD pipeline referencing aquasecurity/trivy-action by version tag, including commonly used tags such as @0.34.2, @0.33.0, or @0.18.0, is executing malicious code before the legitimate Trivy scan runs. This may prevent users from noticing any issues. At this time, @0.35.0 appears to be the only unaffected version tag.

Socket independently detected this activity in real time. Beginning at 19:15 UTC, Socket generated 182 threat feed entries tied to malicious GitHub Actions associated with this campaign. All were correctly classified as Backdoor, Infostealer, or Reconnaissance malware by Socket’s AI scanner.

Screenshot of the Socket package page for of the compromised tags of the aquasecurity/trivy-action GitHub Action, showing a "Known Malware" alert.

The malicious payload is designed to execute within GitHub Actions runners, targeting sensitive data in CI/CD environments. Observed behavior includes dumping runner process memory to extract secrets, harvesting SSH keys, and exfiltrating credentials for AWS, GCP, and Azure, as well as Kubernetes service account tokens.

This marks the second supply chain incident involving Trivy in March. Earlier in the month, a separate compromise affected the Aqua Trivy VS Code extension distributed via OpenVSX, where injected code attempted to abuse local AI coding agents.

... continue reading

Explore topics: trivy github actions aquasecurity openvsx infostealer
Related:
Attackers Hide Infostealer in Copyright Infringement Notices
Trivy supply-chain attack spreads to Docker, GitHub repos
Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Widely used Trivy scanner compromised in ongoing supply-chain attack

© 2026 GoKawiil

About | Editorial Policy | Contact