When the Security Scanner Becomes the Weapon: The Trivy Compromise of March 2026
I have spent the past week trying to piece together what actually happened with Trivy. Reading advisories, cross-referencing timelines, digging through GitHub issues and incident discussions, trying to separate confirmed facts from speculation. The more I read, the less comfortable I got. Not because the details were unclear, but because they were clear, and the implications kept getting worse.
The tool you run to find vulnerabilities in your container images was the one stealing your cloud credentials. That is what happened on March 19, 2026, when Aqua Security's Trivy scanner and its GitHub Actions integration were compromised in one of the more targeted supply chain attacks I have seen against the DevSecOps ecosystem.
If you have been running aquasecurity/trivy-action in a CI/CD pipeline over the past few months, read this carefully.