The Tool That Checks For Fleas Has Fleas: Trivy Gets Ticked Twice In One Month
Oh good. The thing you use to check for parasites is now the parasite. I love this industry. I truly do.
For those of you who missed the first incident because you were busy ignoring my previous alerts, here is the short version. Trivy, the open-source vulnerability scanner maintained by Aqua Security, got compromised. Again. Twice in thirty days. The wolves didn't bother sneaking through a hole in the fence this time. They just walked right in through the front gate wearing a lab coat and a clipboard.
Seventy-five tags. Hijacked. Gone. Used to deliver ticks straight into your CI/CD pipeline.
Let that sink in while you finish your third coffee.
The infected actions in question are "aquasecurity/trivy-action" and "aquasecurity/setup-trivy." These are the things your pipelines use to scan Docker container images for vulnerabilities. Your automated shepherd, basically. The one job it had was to check the flock for fleas. Instead it became the flea.
The wolves targeted your CI/CD secrets. Pipeline tokens, credentials, keys, all the sensitive material your build process carries around like a sheep with a very full wool coat. Once those are gone, the coyote is not just in the pasture. The coyote is in the barn, in the farmhouse, and honestly probably already on the phone with your database.
The Shepherds, naturally, were not available for comment. They were busy approving the Q3 budget slides.
What makes this particularly exhausting is the supply chain angle. You didn't click the fake grain. Your flock didn't do anything obviously stupid this time, which is a refreshing change of pace. No, this time the tool you trusted to protect you was the delivery mechanism. The electric fence was the one handing out keys. Congratulations, the paranoia was justified all along.
The Sky Pasture is full of these dependencies. Hundreds of them. Quietly sitting in your workflows, pinned to tags that someone else controls, updated by maintainers who are also just tired humans making mistakes or, worse, getting compromised themselves.
You pinned to a tag. Not a commit hash. A tag. Tags move. Tags are lies. Tags are a social contract with a stranger on the internet and that contract just got violated for the second time in a month.
I am so tired.
Remediation
Fine. Here is what you do, not that anyone will actually do it before the next incident.
Pin to commit hashes, not tags. Tags are mutable. A specific commit SHA is not. Use it: uses: aquasecurity/trivy-action@abc1234def, not @v1.2.3. Do this now. Do this for everything.
Audit your GitHub Actions dependencies. All of them. Yes, all of them. Make a list. Check what each one does. Check when it was last updated. Check if it was recently updated by someone who is not the usual maintainer.
Rotate your CI/CD secrets immediately. Assume they are already out in the pasture somewhere. Revoke and regenerate tokens, API keys, and credentials that your pipelines touch. All of it.
Use least-privilege permissions in your workflows. Your pipeline does not need write access to everything. Scope it down. A compromised action with minimal permissions is a bad day. A compromised action with full repository access is a catastrophe.
Enable dependency review and alerting. GitHub has tooling for this. Use it. Set up alerts for when your actions dependencies change unexpectedly.
Check Aqua Security's official advisories and apply any guidance they have published. They know what was in those 75 tags. You want that list.
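Added example, not from the original post and not Aqua Security's own tooling: a small Python audit for the pin-to-SHA and audit-your-actions steps above. It scans a constructed workflow embedded inline, counts only a full 40-hex commit SHA as pinned, and reports the two action names from this post ahead of everything else; the sample tags and the checkout SHA are placeholders, not real releases.

```python
import re

# Constructed sample workflow (not from the post): one step pinned to a
# placeholder 40-hex SHA, three pinned to tags that someone else can move.
SAMPLE_WORKFLOW = """\
name: scan
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/setup-trivy@v0.1.0
      - name: Run Trivy
        uses: aquasecurity/trivy-action@v1.2.3
        with:
          image-ref: myapp:latest
      - uses: actions/upload-artifact@v4  # tag, not a SHA
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
WATCHLIST = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

def audit_workflow(text):
    """Return (action, ref, status) for every remote `uses:` in a workflow.
    status is "pinned" only for a full 40-hex commit SHA; a tag, branch or
    short SHA is "mutable" because the maintainer (or a hijacker) can move it.
    """
    findings = []
    for spec in USES_RE.findall(text):
        spec = spec.strip("'\"")
        if spec.startswith("./") or spec.startswith("docker://"):
            continue  # local or container actions are not a GitHub ref
        action, _, ref = spec.partition("@")
        status = "pinned" if FULL_SHA_RE.match(ref) else "mutable"
        findings.append((action, ref, status))
    return findings

def unpinned_actions(text):
    """Only the findings that need fixing, watchlisted names first."""
    bad = [f for f in audit_workflow(text) if f[2] == "mutable"]
    return sorted(bad, key=lambda f: (f[0] not in WATCHLIST, f[0]))

if __name__ == "__main__":
    for action, ref, _ in unpinned_actions(SAMPLE_WORKFLOW):
        flag = " [WATCHLIST]" if action in WATCHLIST else ""
        print(f"unpinned: {action}@{ref}{flag}")
```

Point it at your own .github/workflows/*.yml files and treat every "mutable" line as a pin to replace with the full commit SHA.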
The tool that checks for fleas needs to be checked for fleas. Everything needs to be checked for fleas. Welcome to supply chain security. I am going to go lie down in the mud for a while.
Posted at 3:47 AM. Yes, really.
Original Report: https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html