Malicious Trivy GitHub Actions releases trigger CI secret rotation
TL;DR — Ensure you are on trivy v0.69.3, trivy-action v0.35.0, and setup-trivy v0.2.6; if you ran compromised releases, rotate all pipeline secrets and block the listed C2.
What happened
Aqua Security posted an incident notice stating that, on March 19, 2026, a threat actor used a compromised credential to publish malicious releases of Trivy (v0.69.4) and the GitHub Actions trivy-action and setup-trivy.
Aqua says their containment of an earlier incident was incomplete: secrets/tokens were rotated, but the rotation "wasn't atomic" and the attacker "may have been privy to refreshed tokens," enabling follow-on authenticated changes.
This matters because CI/CD runners often have broad access (repository tokens, cloud credentials, signing keys). When a widely reused GitHub Action is compromised, the blast radius is downstream and immediate — it turns “security scanning” steps into an execution path for attacker code in your build environment.
Who is impacted
- Any GitHub Actions workflow using `aquasecurity/trivy-action` and/or `aquasecurity/setup-trivy` that executed during the window when the malicious releases/tags were live.
- Any automation that pulled Trivy `v0.69.4` from impacted channels/registries.
- Organizations whose CI/CD secrets were available to those workflows (e.g., `GITHUB_TOKEN`, cloud credentials, registry credentials, signing material).
| Component | Malicious version called out by Aqua | Safe version to use (per Aqua) |
|---|---|---|
| trivy | v0.69.4 | v0.69.3 |
| trivy-action | malicious release(s) published | v0.35.0 |
| setup-trivy | malicious release(s) published | v0.2.6 |
What to do now
- Follow Aqua’s immediate action items:
"As an immediate and urgent action item, ensure you are using the latest safe releases:
- trivy v0.69.3
- trivy-action v0.35.0
- setup-trivy v0.2.6
If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately.
We also recommend that you block the C2 domain
`scan[.]aquasecurtiy[.]org` and IP `45.148.10.212` at your network perimeter."
- Identify where you use the actions and upgrade workflow references (search your org for `uses: aquasecurity/trivy-action@` and `uses: aquasecurity/setup-trivy@`). Note that Trivy is also pulled indirectly: a workflow that only references trivy-action still executes the Trivy binary that action installs.
- Rotate credentials that were accessible to impacted jobs (CI secrets, cloud keys, deploy tokens, registry credentials) and review CI logs for suspicious outbound connections matching the C2 indicators. Treat anything a compromised job could read, including the job's `GITHUB_TOKEN`, as exposed; rotation that happens while an attacker still holds a valid token can itself be undermined, which is exactly what Aqua describes in its own incident.
- After upgrading, pin GitHub Actions to immutable commit SHAs (not mutable tags) to reduce exposure to future tag/release retargeting incidents. Resolve the SHA from the known-safe tag yourself and record the tag in a trailing comment so reviewers can see what the SHA is meant to be.
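The following script is an added example of the audit and log-review steps above; it is not part of Aqua's notice or of the Trivy project. It walks a checkout (or, with no argument, a constructed sample repository) for `uses: aquasecurity/trivy-action@...` and `uses: aquasecurity/setup-trivy@...` lines, classifies each reference as a 40-hex commit SHA, one of the safe tags Aqua named (trivy-action v0.35.0, setup-trivy v0.2.6), or something that needs upgrading, and counts CI log lines that mention the C2 indicators from the notice. The sample workflow, the sample log and the all-placeholder SHA `0123456789abcdef0123456789abcdef01234567` are constructed for the demo; the script does not know which SHA the safe tags actually resolve to, so a SHA-pinned reference is reported as "verify", not "safe".

```shell
#!/bin/sh
# Audit GitHub Actions workflows for aquasecurity/trivy-action and
# aquasecurity/setup-trivy references, and scan a CI log for the C2
# indicators from Aqua's notice. Added example, not Aqua/Trivy code.
set -eu

# Safe tags as stated in Aqua's notice (the only versions this script trusts by name).
SAFE_TRIVY_ACTION_TAG=v0.35.0
SAFE_SETUP_TRIVY_TAG=v0.2.6

# Print one tab-separated line per reference: file:line, action, ref, status.
#   sha-pinned-verify    ref is a 40-hex SHA; confirm it matches the safe tag
#   safe-tag-pin-to-sha  ref is the safe tag, but a tag is mutable; pin it
#   upgrade-needed       anything else (old tag, branch name, unquoted junk)
audit_trivy_actions() {
  find "$1" -path '*/.github/workflows/*' \( -name '*.yml' -o -name '*.yaml' \) \
    -exec grep -HnE 'uses:[[:space:]]*"?aquasecurity/(trivy-action|setup-trivy)@' {} + 2>/dev/null |
  while IFS= read -r hit; do
    loc=$(printf '%s\n' "$hit" | cut -d: -f1,2)
    action=$(printf '%s\n' "$hit" | sed -E 's|.*aquasecurity/([^@]+)@.*|\1|')
    # Ref ends at whitespace, a YAML comment marker or a closing quote.
    ref=$(printf '%s\n' "$hit" | sed -E 's|.*aquasecurity/[^@]*@([^[:space:]#"]*).*|\1|')
    case "$action:$ref" in
      "trivy-action:$SAFE_TRIVY_ACTION_TAG"|"setup-trivy:$SAFE_SETUP_TRIVY_TAG")
        status=safe-tag-pin-to-sha ;;
      *)
        if printf '%s\n' "$ref" | grep -Eq '^[0-9a-f]{40}$'; then
          status=sha-pinned-verify
        else
          status=upgrade-needed
        fi ;;
    esac
    printf '%s\t%s\t%s\t%s\n' "$loc" "$action" "$ref" "$status"
  done
}

# Count log lines that mention the C2 domain or IP from the notice.
# The IP is matched as a whole dotted quad so 45.148.10.2120 does not count.
c2_hit_count() {
  grep -cE 'scan\.aquasecurtiy\.org|(^|[^0-9])45\.148\.10\.212([^0-9]|$)' "$1" || true
}

# Constructed sample repository: one workflow with three reference styles.
make_sample_repo() {
  dir=$(mktemp -d)
  mkdir -p "$dir/.github/workflows"
  cat > "$dir/.github/workflows/scan.yml" <<'EOF'
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.6
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: aquasecurity/trivy-action@master
EOF
  printf '%s\n' "$dir"
}

# Constructed sample CI log: one line touches the C2 indicators, the rest are benign.
make_sample_log() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
2026-03-19T10:02:11Z Run aquasecurity/trivy-action@master
2026-03-19T10:02:13Z Installing trivy v0.69.3
2026-03-19T10:02:15Z connect: scan.aquasecurtiy.org (45.148.10.212)
2026-03-19T10:02:20Z Scan completed: 0 CRITICAL
EOF
  printf '%s\n' "$f"
}

# Usage: sh trivy_audit.sh /path/to/checkout [ci.log]; no args audits the sample.
main() {
  root=${1:-$(make_sample_repo)}
  log=${2:-$(make_sample_log)}
  printf '== Trivy action references under %s ==\n' "$root"
  audit_trivy_actions "$root"
  printf '== C2 indicator hits in %s: %s ==\n' "$log" "$(c2_hit_count "$log")"
}
main "$@"
```

Run it from the root of a cloned repository, or point it at a directory containing many checkouts; every line tagged `upgrade-needed` is a reference to change, and every `sha-pinned-verify` line is a SHA to compare against the commit the safe tag points to before trusting it.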
