Hackers force-pushed malicious code into 75+ Trivy vulnerability scanner tags, stealing CI/CD pipeline secrets from any org running affected versions.
Aqua Security's Trivy vulnerability scanner — with 33,200 GitHub stars — was compromised via stolen credentials used to force-push malicious dependencies across virtually all trivy-action and setup-trivy tags. The malware actively scours CI/CD pipelines for GitHub tokens, cloud credentials, SSH keys, and Kubernetes tokens, encrypting them and exfiltrating them to an attacker-controlled server. Security firms Socket and Wiz confirmed that 75 tags are compromised. Only version @0.35.0 is unaffected. The attack began Thursday; maintainer Itay Shakury confirmed it Friday and advised immediate secret rotation.
Any CI/CD pipeline referencing a compromised Trivy tag — including the widely used @0.34.2, @0.33, and @0.18.0 — has already executed attacker code and leaked every secret it touched. This is not theoretical: GitHub tokens, AWS credentials, SSH keys, and Kubernetes tokens are actively being exfiltrated right now. Only @0.35.0 is clean.
Search your repos for any trivy-action or setup-trivy references using `grep -rE 'trivy-action|setup-trivy' .github/` — if any tag other than @0.35.0 appears, immediately pin to @0.35.0, rotate all secrets in that pipeline (GitHub tokens, cloud IAM keys, SSH keys, Kubernetes service account tokens), and audit your cloud provider's access logs for anomalous API calls in the last 72 hours.
Run `grep -r 'trivy' .github/workflows/` in your terminal right now — if you see any version tag other than @0.35.0, you have a confirmed exposure requiring immediate secret rotation.
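The grep-and-check procedure above, as an added example that is not part of the original article or of the Trivy project: a POSIX shell scanner that finds every trivy-action or setup-trivy reference under a workflows directory, flags any ref other than @0.35.0, and returns a non-zero status so it can gate a pipeline. The sample workflow files it scans are constructed for the example; the `aquasecurity` owner is what the real actions use, but the scanner matches any owner.

```shell
#!/bin/sh
# Added example, not code from the original article or from the Trivy project:
# scan a repo's GitHub workflow files for trivy-action / setup-trivy references
# and flag every ref other than @0.35.0, the only version the article reports
# as unaffected. Matches any owner, so forks and mirrors are caught too.
SAFE_TAG="0.35.0"

# Prints one "<file>: pinned to @<ref> (expected @0.35.0)" line per reference
# that is not on the safe tag. Branch names and commit SHAs are flagged as well,
# since the article only vouches for @0.35.0.
find_compromised_trivy_refs() {
    grep -rHn -E 'uses:[[:space:]]*[^[:space:]]*/(trivy-action|setup-trivy)@' "$1" 2>/dev/null |
    while IFS= read -r line; do
        file=${line%%:*}                       # grep -H output is file:line:content
        ref=$(printf '%s\n' "$line" | sed -E "s/.*@([^[:space:]\"'#]+).*/\1/")
        [ "$ref" = "$SAFE_TAG" ] ||
            printf '%s: pinned to @%s (expected @%s)\n' "$file" "$ref" "$SAFE_TAG"
    done
}

# Exit 0 when clean, 1 when anything was flagged, so it can gate a CI job.
audit_trivy_refs() {
    flagged=$(find_compromised_trivy_refs "$1")
    if [ -n "$flagged" ]; then
        printf '%s\n' "$flagged"
        echo "ACTION: pin to @$SAFE_TAG, rotate every secret these pipelines can reach," \
             "and audit cloud access logs for the last 72 hours."
        return 1
    fi
    echo "clean: no trivy-action/setup-trivy reference outside @$SAFE_TAG under $1"
}

# Constructed sample workflows (hypothetical repo, not real data) to exercise the scanner.
WF_DIR=$(mktemp -d)
mkdir -p "$WF_DIR/.github/workflows"
cat > "$WF_DIR/.github/workflows/scan.yml" <<'EOF'
jobs:
  scan:
    steps:
      - uses: aquasecurity/trivy-action@0.34.2   # compromised tag named in the article
      - uses: aquasecurity/setup-trivy@0.35.0    # the one clean tag
EOF
cat > "$WF_DIR/.github/workflows/release.yml" <<'EOF'
jobs:
  build:
    steps:
      - uses: "aquasecurity/trivy-action@0.18.0"   # quoted form, also compromised
EOF
audit_trivy_refs "$WF_DIR/.github" || echo "scan exit status: $?"
```

Point it at a real checkout with `audit_trivy_refs path/to/repo/.github`; a ref pinned to a branch or commit SHA is reported too, since only the @0.35.0 tag is known clean.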