Supply‑Chain Attack Compromises Trivy Scanner, Injects Credential‑Stealing Malware via GitHub Actions
What Happened – Threat actors identified as TeamPCP hijacked the build pipeline of the open‑source Trivy vulnerability scanner. By abusing a compromised GitHub credential, they back‑doored the trivy‑action repository and released a trojanized v0.69.4 binary that harvested authentication secrets from any CI/CD workflow that pulled the affected tags.
Why It Matters for TPRM –
- The compromise turns a trusted security tool into a credential‑stealing vector, exposing downstream customers’ secrets.
- Supply‑chain attacks on widely adopted open‑source utilities can affect dozens of industries simultaneously.
- Detection is difficult because malicious code runs before the legitimate scan, potentially remaining hidden for weeks.
Who Is Affected – Cloud‑native developers, DevSecOps teams, and any organization that integrates Trivy (or its GitHub Actions) into CI/CD pipelines across sectors such as technology, finance, healthcare, and retail.
Recommended Actions –
- Immediately halt use of Trivy versions ≤ 0.69.4 and any
aquasecurity/trivy-actiontags released before March 2026. - Verify integrity of all CI/CD pipelines; rotate all credentials discovered in the breach (SSH keys, cloud tokens, CI secrets, etc.).
- Review third‑party risk controls for open‑source dependencies and enforce signed releases or reproducible builds.
Technical Notes – The attackers leveraged a stolen GitHub write token to replace entrypoint.sh in the trivy-action workflow and publish malicious binaries. The infostealer collected host identifiers, environment variables, cloud provider credentials (AWS, GCP, Azure), container registry tokens, CI/CD configuration files, TLS keys, and even cryptocurrency wallet data. No public CVE is associated; the vector is a supply‑chain compromise of the build process. Source: BleepingComputer