Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply-chain attack that could have wide-ranging consequences for developers and the organizations that use it.
Trivy maintainer Itay Shakury confirmed the breach on Friday, following rumors and a thread (now deleted by attackers) discussing the incident. The intrusion began in the early hours of Thursday, and the attackers used stolen credentials to force-push a large number of version tags so that trivy-action and setup-trivy would point to malicious dependencies.
Trivy is a popular vulnerability scanner that developers rely on to detect vulnerabilities and, in some cases, inadvertently exposed authentication secrets in the pipelines that build and deploy software updates.
Security firms Socket and Wiz describe the malware as scanning development pipelines and even developer machines for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and other secrets; once found, the data is encrypted and sent to attacker-controlled servers. As a result, any CI/CD pipeline referencing compromised version tags could execute attacker code when the Trivy scan runs. Spoofed tags include @0.34.2, @0.33, and @0.18.0; the @0.35.0 tag appears unaffected.
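The exposure described above, a workflow that references trivy-action or setup-trivy by a mutable version tag rather than a commit SHA, can be found by scanning the repository's workflow files. The following is an added example, not code from the article or from Aqua; it assumes the two actions live under the `aquasecurity/` GitHub organization and runs over a constructed sample workflow with a placeholder commit SHA.

```python
import re
from typing import List, Tuple

# Tags the article reports as force-pushed to malicious code (0.35.0 was reported unaffected).
COMPROMISED_TAGS = {"0.34.2", "0.33", "0.18.0"}

# Assumed full action paths for the two actions named in the article.
AFFECTED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches `uses: owner/repo@ref` lines (optionally as a list item, optionally quoted).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@'\"\s]+)@([^'\"\s#]+)", re.MULTILINE)
# A full 40-hex-digit commit SHA is an immutable pin; anything else can be moved.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text: str) -> List[Tuple[str, str, str]]:
    """Return (action, ref, verdict) for every reference to an affected action.

    verdict is 'compromised-tag' (a tag the article lists as re-pointed),
    'mutable-ref' (a tag or branch that could be re-pointed later), or
    'pinned-sha' (an immutable commit pin that a tag force-push cannot redirect).
    """
    findings = []
    for action, ref in USES_RE.findall(text):
        if action not in AFFECTED_ACTIONS:
            continue
        if SHA_RE.match(ref):
            verdict = "pinned-sha"
        elif ref.lstrip("v") in COMPROMISED_TAGS:
            verdict = "compromised-tag"
        else:
            verdict = "mutable-ref"
        findings.append((action, ref, verdict))
    return findings

# Constructed sample workflow; the 40-hex SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.33
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.34.2
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for action, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{verdict:16} {action}@{ref}")
```

Any `compromised-tag` hit means the pipeline has already run attacker-controlled code and its secrets should be rotated; `mutable-ref` hits should be replaced with a commit SHA pin.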
The incident follows an earlier compromise of the Aqua Trivy VS Code extension. Maintainers rotated tokens and secrets, but the process wasn’t fully atomic, leaving residual credentials that enabled the later force-push activity without directly breaching GitHub itself.
Experts urge Trivy users to treat all pipeline secrets as compromised and rotate them immediately, and to follow the defense guidance issued by Socket and Wiz to limit potential fallout.