Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks
Aqua Security uncovered a sophisticated supply chain attack targeting its open-source Trivy vulnerability scanner, demonstrating how threat actors can exploit trusted development workflows to steal sensitive data without detection. The incident, which did not impact Aqua’s commercial products, highlights critical vulnerabilities in CI/CD pipelines.
Attack Overview
Rather than distributing a malicious binary, the attackers hijacked the existing GitHub repositories aquasecurity/trivy-action and setup-trivy using stolen credentials. By force-pushing malicious commits to version tags (e.g., v0.x), they ensured that automated pipelines pulled the compromised code. Because many organizations reference mutable tags instead of immutable commit hashes, the altered code executed undetected.
The injected payload ran before Trivy’s legitimate scanning process, allowing workflows to complete normally while exfiltrating high-value secrets, including:
- Cloud credentials (AWS, GCP, Azure)
- API tokens and access keys
- SSH private keys
- Kubernetes service account tokens
- Docker configuration files
Given CI/CD pipelines’ broad infrastructure access, this could enable lateral movement, privilege escalation, and full environment compromise.
Timeline & Persistence
- Late February 2026: Initial compromise occurred.
- March 1: Incomplete credential rotation allowed attackers to retain access.
- March 22: Additional suspicious activity suggested attempts to reestablish persistence, indicating a multi-stage operation.
Aqua revoked compromised credentials, removed malicious artifacts, and transitioned away from long-lived tokens. Incident response firm Sygnia assisted in forensic investigation and containment. The company confirmed its commercial platform remained unaffected due to strict architectural separation, including isolated infrastructure and gated security reviews.
Mitigation & Indicators of Compromise
Organizations using Trivy in automated workflows should:
- Upgrade to Trivy v0.69.2 or v0.69.3
- Use safe GitHub Action versions: trivy-action v0.35.0 or setup-trivy v0.2.6
- Rotate all secrets if v0.69.4 was executed in any pipeline
Security teams should monitor and block the following indicators:
- Domain: scan.aquasecurtiy[.]org
- IP Address: 45.148.10.212
- Secondary C2: plug-tab-protective-relay.trycloudflare.com
- GitHub repo: Unauthorized tpcp-docs
- ICP-based C2: tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io
Key Takeaway
The attack exploited over-reliance on mutable version tags in CI/CD pipelines. A simple defensive measure, pinning dependencies to immutable commit SHA hashes, could have prevented the compromise. As CI/CD pipelines become prime targets, organizations must enforce strict access controls, monitoring, and dependency integrity validation to mitigate supply chain risks.
Source: https://cyberpress.org/aqua-securitys-trivy-scanner-hit-by-supply-chain-attack/
Semgrep cybersecurity rating report: https://www.rankiteo.com/company/semgrep
Aqua-Aerobic Systems, Inc. cybersecurity rating report: https://www.rankiteo.com/company/aqua-aerobic-systems-inc-
{
  "id": "SEMAQU1774434920",
  "linkid": "semgrep, aqua-aerobic-systems-inc-",
  "type": "Cyber Attack",
  "date": "3/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Organizations using Trivy in automated workflows',
                        'industry': 'Cybersecurity',
                        'name': 'Aqua Security (Trivy open-source project)',
                        'type': 'Open-source software provider'}],
 'attack_vector': 'Hijacked GitHub repositories, malicious commits to version tags',
 'customer_advisories': 'Organizations using Trivy in automated workflows should upgrade and rotate secrets',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': 'Credentials and access tokens',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Cloud credentials',
                                              'API tokens',
                                              'Access keys',
                                              'SSH private keys',
                                              'Kubernetes service account tokens',
                                              'Docker configuration files']},
 'date_detected': '2026-03-22',
 'description': 'Aqua Security uncovered a sophisticated supply chain attack targeting its open-source Trivy vulnerability scanner, demonstrating how threat actors can exploit trusted development workflows to steal sensitive data without detection. The incident highlights critical vulnerabilities in CI/CD pipelines.',
 'impact': {'data_compromised': 'Cloud credentials (AWS, GCP, Azure), API tokens, access keys, SSH private keys, Kubernetes service account tokens, Docker configuration files',
            'identity_theft_risk': 'High (PII and credentials exposed)',
            'operational_impact': 'Potential full environment compromise, lateral movement',
            'systems_affected': 'CI/CD pipelines using compromised Trivy versions'},
 'initial_access_broker': {'backdoors_established': 'Malicious commits to version tags',
                           'entry_point': 'Hijacked GitHub repositories (aquasecurity/trivy-action, setup-trivy)',
                           'high_value_targets': 'CI/CD pipelines with broad infrastructure access'},
 'investigation_status': 'Contained, forensic investigation completed',
 'lessons_learned': 'The attack exploited over-reliance on mutable version tags in CI/CD pipelines. Pinning dependencies to immutable commit SHA hashes could have prevented the compromise.',
 'motivation': 'Data exfiltration, lateral movement, privilege escalation',
 'post_incident_analysis': {'corrective_actions': 'Revoked compromised credentials, transitioned to immutable commit hashes, enhanced monitoring',
                            'root_causes': 'Stolen credentials, mutable version tags in CI/CD pipelines, incomplete credential rotation'},
 'recommendations': ['Upgrade to Trivy v0.69.2 or v0.69.3',
                     'Use safe GitHub Action versions: trivy-action v0.35.0 or setup-trivy v0.2.6',
                     'Rotate all secrets if v0.69.4 was executed in any pipeline',
                     'Enforce strict access controls, monitoring, and dependency integrity validation in CI/CD pipelines'],
 'references': [{'source': 'Aqua Security'}],
 'response': {'containment_measures': 'Revoked compromised credentials, removed malicious artifacts, transitioned away from long-lived tokens',
              'incident_response_plan_activated': True,
              'remediation_measures': 'Upgraded to Trivy v0.69.2 or v0.69.3, pinned dependencies to immutable commit SHA hashes',
              'third_party_assistance': 'Sygnia (forensic investigation and containment)'},
 'title': 'Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Over-reliance on mutable version tags in CI/CD pipelines, stolen credentials'}