[Deep Dive] Trivy Supply Chain Attack: Aqua Security Post-Mortem
Dillip Chowdary
March 24, 2026 • 10 min read
Aqua Security has released its final post-mortem regarding the March 19 supply chain attack that targeted Trivy v0.69.4. The incident, which sent shockwaves through the DevSecOps community, involved the sophisticated compromise of automated build pipelines.
How the Tokens Were Taken
The attackers used a credential-stuffing attack against a maintainer's personal account, which lacked hardware-based 2FA. Once inside, they extracted a GitHub Actions secret token with elevated permissions. With that token they modified the release workflow, injecting a malicious binary into the Trivy distribution without triggering a secondary review.
The malware was designed to exfiltrate KUBECONFIG files and cloud-provider metadata from any environment in which the compromised version of Trivy ran. It used a subtle DNS tunneling technique to bypass traditional egress filtering.
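The post-mortem names DNS tunneling as the exfiltration channel but does not describe the encoding, so the detector below is an added, generic example (not Aqua Security's or the Trivy project's code) of the kind of check a defender can run over resolver query logs: it scores each query name on label length, character entropy, total length and label count, then reports clients that send a burst of unique, high-scoring names under one zone. The log format (`timestamp client qname`), the thresholds, and every host name in the sample are constructed for illustration.

```python
"""Heuristic DNS-tunneling detector for resolver query logs (added example)."""
import math
import re
from collections import defaultdict

# Constructed sample log: "<timestamp> <client-ip> <qname>". The layout is an
# assumption; adapt LINE_RE to your resolver (BIND, CoreDNS, cloud DNS logs).
SAMPLE_LOG = """\
2026-03-19T14:02:11Z 10.0.4.17 registry.example.internal
2026-03-19T14:02:12Z 10.0.4.17 api.github.com
2026-03-19T14:02:13Z 10.0.4.17 a8f3k2mq9zv01lxp3n7wq4rt.s1.exfil-example.test
2026-03-19T14:02:13Z 10.0.4.17 b7h2j9nm4pq8rs1tu6vw2xyz.s2.exfil-example.test
2026-03-19T14:02:14Z 10.0.4.17 c6g1i8lk3op7qr0st5uv9wxy.s3.exfil-example.test
2026-03-19T14:02:14Z 10.0.4.17 d5f0h7jk2no6pq9rs4tu8vwx.s4.exfil-example.test
2026-03-19T14:02:15Z 10.0.4.17 e4e9g6ij1mn5op8qr3st7uvw.s5.exfil-example.test
2026-03-19T14:02:16Z 10.0.4.22 mirror.example.internal
2026-03-19T14:02:17Z 10.0.4.22 cdn.example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

# Thresholds are illustrative starting points; tune them against your own baseline.
LONG_LABEL = 20      # a single label this long rarely occurs in normal hostnames
HIGH_ENTROPY = 3.5   # bits/char; encoded payload data scores high, words score low
LONG_NAME = 45       # total query-name length
MANY_LABELS = 4      # tunnels often nest several chunk labels under the zone


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text`; 0.0 for empty or uniform input."""
    if not text:
        return 0.0
    counts: dict = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_query(qname: str) -> int:
    """Return how many tunneling heuristics (0..4) a single query name trips."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    hits = 0
    hits += int(len(longest) >= LONG_LABEL)
    hits += int(shannon_entropy(longest) >= HIGH_ENTROPY)
    hits += int(len(qname) >= LONG_NAME)
    hits += int(len(labels) >= MANY_LABELS)
    return hits


def parse_log(log_text: str):
    """Yield (timestamp, client, qname) tuples, skipping lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def find_tunneling(log_text: str, min_hits: int = 3, min_queries: int = 5) -> list:
    """Group queries by (client, zone) and report groups with a burst of
    high-scoring, mostly unique names; each finding is a plain dict."""
    groups = defaultdict(list)
    for _ts, client, qname in parse_log(log_text):
        labels = qname.rstrip(".").split(".")
        zone = ".".join(labels[-2:])          # crude registered-domain approximation
        groups[(client, zone)].append(qname)

    findings = []
    for (client, zone), qnames in groups.items():
        suspicious = [q for q in qnames if score_query(q) >= min_hits]
        if len(suspicious) < min_queries:
            continue
        # Tunnels rarely repeat a name (each carries new data); caches would repeat.
        unique_ratio = len(set(suspicious)) / len(suspicious)
        findings.append({
            "client": client,
            "zone": zone,
            "suspicious_queries": len(suspicious),
            "unique_ratio": round(unique_ratio, 2),
        })
    return findings


if __name__ == "__main__":
    for finding in find_tunneling(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, the detector reports the single client that issued five distinct, high-entropy names under `exfil-example.test` and ignores the ordinary registry and CDN lookups. In production, feed it a sliding window of real query logs and allow-list zones that legitimately use long random labels (CDNs, some telemetry services), or the unique-name heuristic will generate noise.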
Timeline of the Attack
- **Mar 18 23:40:** Initial account compromise.
- **Mar 19 04:15:** Release workflow modified.
- **Mar 19 09:00:** Trivy v0.69.4 published with malware.
- **Mar 19 14:30:** First community report of unusual DNS traffic.
- **Mar 19 16:00:** Aqua Security pulls the release and revokes all tokens.
The Secret Exposure Crisis
One of the primary goals of the attack was the discovery of downstream secrets. As Trivy scanned infrastructure, the malware would actively look for unmasked API keys and credentials in logs and environment variables.
Never Leak a Secret Again
The Trivy attack proves that even your security tools can be turned against you. Use the Data Masking Tool to ensure that sensitive data is never exposed in plain text, even if your pipeline is compromised.
Lessons Learned
Aqua Security has committed to a "Hardware 2FA Only" policy for all maintainers and has implemented OIDC-based authentication for its build processes, eliminating the need for long-lived GitHub Secrets. The community is urged to audit its environments for any execution of the v0.69.4 binary and to rotate any secrets that were present in scanned environments during that window.
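As an added illustration of the two remediations above (this is not Aqua Security's or the Trivy project's actual workflow), the GitHub Actions fragment below places the weak pattern, a long-lived cloud credential held in GitHub Secrets, beside the hardened one, where the job requests a short-lived OIDC token and runs in a protected environment so that a modified workflow cannot publish without a second pair of eyes. The role ARN, region, `release` environment name and `publish.sh` script are placeholders; the environment's required-reviewer rule lives in the repository settings, not in this file.

```yaml
# Added example workflow (not the Trivy project's). Contrasts a static secret
# with OIDC-minted credentials for a release job. All names are placeholders.
name: release

on:
  push:
    tags: ["v*"]

# Least privilege at the top level: jobs receive only what they ask for below.
permissions:
  contents: read

jobs:
  # --- Weak pattern: a standing credential in GitHub Secrets -------------------
  # Whoever can read this secret, or alter this workflow, holds the same
  # credential until someone rotates it by hand: the failure mode described above.
  release-static-secret:
    if: false                 # kept only for comparison; never runs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/publish.sh          # placeholder publish step
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  # --- Hardened pattern: OIDC federation plus a reviewed environment -----------
  release-oidc:
    runs-on: ubuntu-latest
    environment: release      # placeholder; configure required reviewers on it
    permissions:
      contents: write         # needed to upload release assets
      id-token: write         # lets this job request a short-lived OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder role. Its trust policy should pin the OIDC subject to
          # this repository, the "release" environment and the tag ref, so a
          # workflow edited on another branch or in a fork cannot assume it.
          role-to-assume: arn:aws:iam::123456789012:role/EXAMPLE-release-role
          aws-region: us-east-1
      - run: ./scripts/publish.sh          # placeholder publish step
```

The important difference is not the action used but where trust is anchored: with OIDC the cloud provider verifies a token minted per job run and scoped by the trust policy's subject condition, so there is no standing secret for a stolen maintainer token to extract, and the environment gate means a workflow change alone is not enough to ship a release.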