trivy-action
2 mentions across all digests
trivy-action is a GitHub Action maintained by Aqua Security that integrates the Trivy vulnerability scanner into CI/CD pipelines; it was compromised in a March 2026 supply-chain attack that exfiltrated pipeline secrets.
Widely used Trivy scanner compromised in ongoing supply-chain attack
Aqua Security's Trivy vulnerability scanner was compromised via stolen credentials, allowing attackers to inject malware into 75+ pipeline action tags that silently exfiltrate GitHub tokens, cloud credentials, and SSH keys to attacker servers.
Trivy Compromised a Second Time - Malicious v0.69.4 Release
Aqua Security's widely used Trivy vulnerability scanner was compromised for the second time in three weeks, with the malicious v0.69.4 release shipping credential harvesting inside the setup-trivy GitHub Action.