Supply Chain Attack Leverages Trivy to Exfiltrate CI/CD Secrets from Multiple Enterprises
What Happened — A threat actor compromised the open‑source container image scanner Trivy and used it as a delivery vehicle for an infostealer. The malicious version was introduced into CI/CD pipelines, where it harvested cloud service credentials, SSH keys, API tokens, and other development‑stage secrets.
Why It Matters for TPRM —
- Supply‑chain compromise of a widely‑adopted security tool can affect any downstream vendor that integrates it.
- Stolen credentials enable lateral movement into cloud environments, increasing the risk of data loss and service disruption for your partners.
- Traditional perimeter controls may miss this threat because the malicious code runs inside trusted build processes.
Who Is Affected — Technology‑as‑a‑Service (SaaS) providers, cloud‑native platforms, software development firms, and any organization that incorporates Trivy into its CI/CD workflow.
Recommended Actions —
- Verify the integrity of all Trivy binaries and containers in use; replace with hashes from the official repository.
- Rotate any cloud credentials, SSH keys, and tokens that may have been exposed.
- Implement strict secret‑management policies (e.g., vault solutions) and enforce least‑privilege access for CI/CD agents.
- Add runtime monitoring for anomalous outbound traffic from build agents.
Technical Notes — The attacker leveraged a compromised Trivy release (likely via a poisoned Docker image or tampered GitHub release) to inject a Go‑based infostealer. The tool then parsed environment variables, configuration files, and .env artifacts to collect secrets, exfiltrating them over encrypted channels to a command‑and‑control server. No specific CVE was cited; the vector is a third‑party dependency supply‑chain attack. Source: Dark Reading