
Trivy Security Scanner Compromised Again to Steal CI/CD Secrets
Tags: Cybersecurity, Open Source, Vulnerability Scanner, Trivy, Aqua Security, GitHub Actions, CI/CD, Malware, Supply Chain Security
The open-source vulnerability scanner Trivy, maintained by Aqua Security, was compromised for the second time in a month to distribute malware designed to steal sensitive CI/CD secrets. The breach targeted GitHub Actions workflows, specifically the "aquasecurity/trivy-action" and "aquasecurity/setup-trivy" repositories, which are used for scanning Docker container images and for installing and configuring Trivy in CI/CD pipelines. Attackers hijacked 75 tags within these repositories, so that workflows referencing those tags pulled and ran the malicious payload. No specific dates, CVE IDs, or technical details of the malware were disclosed in the report. The incident highlights the ongoing supply chain risk posed by widely used security tools themselves.
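Hijacked tags are the attack surface a pipeline owner can close directly: a workflow that references an action by a mutable tag (for example `@v0.2.0`) follows the tag wherever it is moved, while a reference pinned to a full 40-character commit SHA does not. The script below is an added example, not code from the report or from Aqua Security, and checks a GitHub Actions workflow for `uses:` references that are not pinned to a commit SHA. The sample workflow, its version tags and the SHA value are constructed for illustration; the two action names are the ones named in the report.

```python
import re
from typing import List, Tuple

# Matches step references such as
#   - uses: actions/checkout@v4
#     uses: "aquasecurity/setup-trivy@v0.2.0"
#     uses: aquasecurity/trivy-action@<40-hex-sha>  # v0.28.0
# The ref group stops at whitespace, quotes or a trailing comment.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[^@'\"\s]+)@(?P<ref>[^'\"\s#]+)"
)

# A full Git commit SHA: exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not a real project file). Two steps use
# mutable tags, one is pinned to a placeholder SHA.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Trivy
        uses: aquasecurity/setup-trivy@v0.2.0
      - name: Run Trivy scanner
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
        with:
          image-ref: example.test/app:latest
"""


def is_full_sha(ref: str) -> bool:
    """True if the ref is an immutable full commit SHA rather than a tag or branch."""
    return bool(FULL_SHA_RE.match(ref))


def find_mutable_refs(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, action, ref) for every external action reference
    that is pinned to something other than a full commit SHA."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group("action"), m.group("ref")
        # Local actions (./path) and docker:// images are resolved differently
        # and are out of scope for this tag-pinning check.
        if action.startswith("./") or action.startswith("docker://"):
            continue
        if not is_full_sha(ref):
            findings.append((lineno, action, ref))
    return findings


if __name__ == "__main__":
    for lineno, action, ref in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} is a mutable ref; pin to a commit SHA")
```

Pinning to a SHA only helps if the SHA was taken from a release you reviewed; keep the human-readable version in a trailing comment, as the pinned step above does, so later updates can be audited against the upstream release history.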