Trivy Scanner Faces Second Compromise in March 2026
Aqua Security's widely used Trivy vulnerability scanner became the target of a sophisticated supply chain attack on March 20, 2026, marking the second security incident affecting the open-source tool within a single month. The compromise specifically targeted two critical GitHub Actions repositories, "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which collectively serve thousands of development teams worldwide for automated container security scanning.
The attack represents a concerning escalation in supply chain targeting, with threat actors demonstrating persistent focus on compromising popular DevSecOps tools. Trivy, which has become a cornerstone security scanner for Docker containers and Kubernetes deployments, processes millions of vulnerability scans daily across enterprise CI/CD pipelines. The tool's integration into GitHub Actions workflows makes it an attractive target for attackers seeking to infiltrate software development lifecycles.
Security researchers discovered that the malicious code embedded within the GitHub Actions workflows was designed to exfiltrate sensitive CI/CD secrets, including API keys, authentication tokens, and deployment credentials. The malware operated by intercepting environment variables and secret values during the scanning process, then transmitting this data to attacker-controlled infrastructure. This technique allows cybercriminals to gain persistent access to development environments and potentially inject malicious code into production systems.
The timing of this second attack suggests either the same threat group returned after initial remediation efforts, or multiple adversaries are now targeting Trivy's supply chain. The previous compromise in February 2026 had already raised concerns about the security posture of critical open-source security tools, prompting many organizations to implement additional verification steps for their CI/CD pipelines.
GitHub Actions Users and CI/CD Pipelines at Risk
Organizations using the compromised GitHub Actions face immediate exposure of their CI/CD secrets and development infrastructure. The "aquasecurity/trivy-action" repository alone has been integrated into over 50,000 public GitHub repositories, with enterprise usage likely extending this number significantly. Development teams that ran automated security scans through these actions between the compromise and its discovery potentially had their secrets harvested by the malicious code.
The attack particularly impacts DevSecOps teams who rely on Trivy for container vulnerability assessment in their continuous integration workflows. Organizations using GitHub Enterprise Server, GitHub.com public repositories, and private repositories with these specific actions are all within the blast radius. The malware's focus on CI/CD secrets means attackers could have gained access to cloud service credentials, database connection strings, third-party API keys, and deployment tokens stored as GitHub secrets.
Enterprise environments with automated deployment pipelines face the highest risk, as compromised credentials could enable attackers to push malicious code directly into production systems. Financial services, healthcare, and technology companies that have adopted container-first development practices and rely heavily on automated security scanning are particularly vulnerable. The incident affects both direct users of the compromised actions and downstream consumers of any software built using these compromised workflows.
Immediate Response and Mitigation Steps for Trivy Users
Organizations must immediately audit their GitHub Actions workflows to identify usage of the compromised "aquasecurity/trivy-action" and "aquasecurity/setup-trivy" actions. Teams should review their GitHub Actions logs from March 15-20, 2026, looking for any unusual network connections or unexpected data transfers during Trivy scanning operations. All GitHub secrets and environment variables accessible to workflows using these actions should be considered potentially compromised and rotated immediately.
Aqua Security has released updated versions of both GitHub Actions with the malicious code removed and additional integrity checks implemented. Users should update to the latest versions and pin their action references to specific commit hashes rather than using mutable branch or tag references like "@main" or "@v1". The CISA Known Exploited Vulnerabilities catalog now includes guidance for supply chain compromise detection and response procedures that organizations should follow.
Security teams should implement additional monitoring for their CI/CD pipelines, including network traffic analysis during build processes and secret usage auditing. Organizations should also consider implementing GitHub's secret scanning features and requiring signed commits for critical repositories. For immediate protection, teams can temporarily switch to alternative vulnerability scanning tools or run Trivy in isolated environments without access to sensitive secrets until the security posture is fully restored.
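The audit step above, as an added example (not code from the article or from Aqua Security): a small script that walks a workflow file, lists every `uses:` reference to the two affected actions, and flags references that are not pinned to a full 40-character commit SHA. The workflow text and the SHA in it are constructed placeholders, not real values.

```python
import re

# Constructed sample workflow: one pinned and two unpinned references
# to the actions named in the article. The SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@main
      - name: Run Trivy
        uses: aquasecurity/trivy-action@v1
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, reference, pinned) for each use of an affected action.

    pinned is True only when the part after '@' is a full commit SHA;
    branch names and tags such as @main or @v1 are mutable and count as unpinned.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        repo, _, version = ref.partition("@")
        owner_repo = "/".join(repo.split("/")[:2])  # ignore subdirectory paths
        if owner_repo not in AFFECTED_ACTIONS:
            continue
        findings.append((line_no, ref, bool(SHA_RE.match(version))))
    return findings


def unpinned_references(text):
    """References that should be re-pinned and whose secrets should be rotated."""
    return [ref for _, ref, pinned in audit_workflow(text) if not pinned]


if __name__ == "__main__":
    for line_no, ref, pinned in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} ({'pinned' if pinned else 'UNPINNED'})")
```

Run it over each file under `.github/workflows/` to build the list of workflows whose secrets must be rotated and whose references must be moved to a commit SHA from Aqua Security's cleaned releases.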