TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security Trivy Supply Chain Attack Targets CI/CD Secrets Trivy Supply Chain Attack Targets CI/CD Secrets by Jai Vijayan Mar 23, 2026 4 Min Read Application Security CISOs Debate Human Role in AI-Powered Security CISOs Debate Human Role in AI-Powered Security by Alexander Culafi Mar 23, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Application Security Threat Intelligence Vulnerabilities & Threats Cyberattacks & Data Breaches News Trivy Supply Chain Attack Targets CI/CD Secrets A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets. Jai Vijayan , Contributing Writer March 23, 2026 4 Min Read Source: ImageFlow via Shutterstock A threat actor is systematically targeting cloud credentials, SSH keys, authentication tokens, and other sensitive secrets stored in automated enterprise software build and deployment pipelines after compromising Trivy, the widely deployed cloud security scanning tool. Trivy is an open-source scanner that organizations use to identify vulnerabilities in container images, code repositories, and infrastructure configurations. Many organizations have embedded Trivy deep into their automated CI/CD software development pipelines making it a high-value target for attackers. Aqua Security, the primary maintainer of the scanner, sells a separate commercial version of Trivy, which according to the company does not appear to have been impacted by the supply chain attack. Multi-Stage Supply Chain Attack The compromise began in February, when the attacker exploited a misconfiguration in Trivy’s GitHub Action component to steal a privileged access token. The attacker subsequently used the token to infiltrate Trivy’s repository automation and release environment. Related: CISOs Debate Human Role in AI-Powered Security The Trivy team discovered and disclosed that initial intrusion on March 1. They executed a credential rotation at the time, but it was not as comprehensive as they thought it might have been because the attacker managed to retain access to the environment and also capture newly rotated secrets. On March 19th, the attacker used those credentials to force-push malicious code to 76 of the 77 previously released versions of trivy-action, the GitHub Actions that organizations use to run Trivy scans inside their automated CI/CD pipelines. Any CI/CD pipeline that referenced any of those versions would have pulled down and unknowingly executed the malicious code instead of the legitimate original. The attacker similarly poisoned all seven versions in the setup-trivy repository for setting up the scanner. In addition, the threat actor exploited a compromised automated service account called aqua-bot to publish a malicious version of Trivy, v0.69.4, and manipulate its GitHub Action tags. "Rather than introducing a new, clearly malicious version, the attackers used a more sophisticated approach," Aqua Security said in a blog post on March 22. "By modifying existing version tags associated with trivy-action , they injected malicious code into workflows that organizations were already running." Because many automated CI/CD pipelines rely entirely on version labels without verifying that the code hasn’t changed since they first started using it, they continued running as usual without detecting the tampering, Aqua said. Related: AI Conundrum: Why MCP Security Can't Be Patched Away In a March 23 update, Aqua disclosed that the threat actor had exploited the compromised automated service account (aqua-bot) to also publish two compromised Docker images , v0.69.5 and v0.69.6, effectively spreading malware through Trivy’s trusted release pipeline. Credential Stealing Payload The Trivy security team and Aqua described the payload itself as a credential-harvesting infostealer that scans more than 50 filesystem locations for SSH keys, cloud provider credentials for AWS, Google Cloud, and Azure, Kubernetes authentication tokens, Docker configuration files, environment variable files, database credentials, and cryptocurrency wallets. Their analysis showed the malware using AES-256-CBC with RSA-4096 hybrid encryption to encrypt and transmit stolen data to attacker-controlled infrastructure. In instances where such exfiltration is not possible, the malware creates a public GitHub repository on the victim's account (named public tpcp-docs) and uploads the data from there, Trivy and Aqua said. "This combination of credential compromise, abuse of trusted release channels, and silent execution within CI/CD pipelines is a clear example of a modern software supply chain attack," Aqua said. "Rather than targeting a single organization, the attackers leveraged widely trusted tooling to reach downstream users at scale." Related: GlassWorm Malware Evolves to Hide in Dependencies What makes the attack particular troubling is that it affects a security tool that many organizations rely on and implicitly trust to detect vulnerabilities and to protect them against attacks. This is the second recent incident involving either a security tool or a vendor. Earlier this month, Outpost24 reported an incident where someone attempted to steal credentials from a C-level executive at the company using a sophisticated seven-stage phishing chain. Though that particular attack failed, that incident and now the one involving Trivy are evidence of growing attacker interest in targeting vendors and products that most companies implicitly trust and provide near unfettered access to their environments. Aqua and Trivy urged organizations that use any affected version of Trivy, trivy-action, or setup-trivy during the exposure windows to treat all secrets accessible to those pipelines as compromised and to rotate them immediately. Aqua recommended that affected organizations audit Trivy versions to see if they might have pulled or executed the weaponized Trivy v0.69.4 version from any source and to remove them immediately. The company also urged a review of all workflows using aquasecurity/trivy-actionoraquasecurity/setup-trivy for signs of compromise. Aqua's blog specified other actions that organizations need to take to mitigate risk from the supply chain attack . About the Author Jai Vijayan Contributing Writer Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill. See more from Jai Vijayan Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars Editor's Choice Cybersecurity Operations Why Stryker's Outage Is a Disaster Recovery Wake-Up Call Why Stryker's Outage Is a Disaster Recovery Wake-Up Call by Jai Vijayan Mar 12, 2026 5 Min Read Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks Threat Intelligence Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats Jan 2, 2026 Cyber Risk Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult Jan 12, 2026 | 7 Min Read Endpoint Security CISOs Face a Tighter Insurance Market in 2026 Jan 5, 2026 | 7 Min Read Threat Intelligence 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child Jan 30, 2026 | 8 Min Read Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and e