Quick Facts
- Category: Cybersecurity
- Published: 2026-05-01 17:36:26
Introduction
In early 2025, attackers compromised Aqua Security's widely used Trivy vulnerability scanner in a supply chain attack. Using stolen credentials, they force-pushed malicious commits to all but one tag of the trivy-action GitHub Action and to several setup-trivy tags, so any workflow that resolved one of those tags ran the attackers' code. This guide helps you assess your exposure, verify your installations, and secure your CI/CD pipelines against such threats. Follow these steps to protect your development environment.

What You Need
- Access to your GitHub repositories and CI/CD logs
- Your Trivy scanner version(s) and installation method
- Git command-line tool installed
- Review of any automated workflows or actions referencing Trivy
- Permissions to revoke and rotate API tokens and credentials
- Optionally, a secondary vulnerability scanner for cross-checking
Step 1: Determine If You Are Affected
Check whether your project uses the compromised Trivy Docker images, GitHub Actions, or CLI versions. The attackers targeted all tags except one in the trivy-action repository and seven tags in setup-trivy. Review your .github/workflows files for references such as `aquasecurity/trivy-action@v*` or `aquasecurity/setup-trivy@v*`, and treat any reference that resolves through a version tag rather than a full commit SHA as potentially affected, because a tag only tells you what it pointed to at the moment the job resolved it. Also verify the Trivy image tags you pull from Docker Hub or other registries.
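A small audit script for this step, added here as an example and not part of the original page or of the Trivy project. It walks a workflow file line by line, reports every reference to the two affected actions and to the official Trivy image, and flags each one as pinned (40-hex commit SHA or `@sha256:` digest) or mutable. The workflow text is constructed for the example; the 40-character SHA in it is a hypothetical placeholder, not a real commit.

```python
import re

# Constructed sample workflow (not from the original page or any real repository):
# one Trivy image pulled by tag only, two actions resolved by mutable tags, and
# one action pinned to a full (hypothetical, placeholder) commit SHA.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy:0.50.1
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.2
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # hypothetical SHA
"""

# `uses:` lines naming the two affected actions; the ref is whatever follows '@'.
ACTION_RE = re.compile(
    r"""uses:\s*["']?(aquasecurity/(?:trivy-action|setup-trivy))@([^\s#"']+)"""
)
# `image:` lines pulling the official Trivy image, with or without a digest.
IMAGE_RE = re.compile(
    r"image:\s*(aquasec/trivy(?::[^\s@#]+)?(?:@sha256:[0-9a-f]{64})?)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_trivy_refs(workflow_text: str) -> list[dict]:
    """List every Trivy action or image reference in a workflow and whether it is
    pinned to an immutable identifier (40-hex commit SHA, or an @sha256: digest)."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = ACTION_RE.search(line)
        if m:
            action, ref = m.groups()
            findings.append({"line": lineno, "kind": "action",
                             "ref": f"{action}@{ref}",
                             "pinned": bool(FULL_SHA_RE.match(ref))})
            continue
        m = IMAGE_RE.search(line)
        if m:
            image = m.group(1)
            findings.append({"line": lineno, "kind": "image", "ref": image,
                             "pinned": "@sha256:" in image})
    return findings


def unpinned_refs(findings: list[dict]) -> list[str]:
    """The references that resolved through a mutable tag and need review."""
    return [f["ref"] for f in findings if not f["pinned"]]


if __name__ == "__main__":
    for f in audit_trivy_refs(SAMPLE_WORKFLOW):
        status = "pinned" if f["pinned"] else "MUTABLE TAG - review"
        print(f"line {f['line']:>3}  {f['kind']:<6} {f['ref']}  [{status}]")
```

To run it against a real repository, read each file under `.github/workflows/` and pass its contents to `audit_trivy_refs`; anything reported as a mutable tag needs its run history checked against the attack window, whether or not the tag name itself appears in the published list.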
Step 2: Verify the Integrity of Your Current Trivy Installation
Even if you do not use the compromised tags, assume your environment may be at risk. Run the following checks:
- Check Git history: Use `git reflog` and `git log --all` on any mirrored or vendored Trivy repositories to detect unexpected forced pushes. Look for tags that no longer point to the commit they pointed to when you adopted them, and for commits whose timestamps fall inside the attack window.
- Compare checksums: Download the official SHA256 sums from Aqua Security and compare them against your local binaries. If you use containers, inspect the image manifest and record the digest you actually pulled, so you can compare it with the digest Aqua Security publishes for that release.
- Scan for backdoors: Analyze your Trivy binary or container image with a tool other than Trivy itself (a second vulnerability or malware scanner), since a compromised scanner cannot be trusted to report on itself. Package-manager tools such as npm audit only read dependency manifests and cannot inspect a compiled binary, so they are not a substitute here.
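The checksum comparison from this step, written out as an added example (not code from the original page or from Aqua Security). It parses a `sha256sum`-style checksum file (one `<sha256>  <filename>` line per release asset, the format `sha256sum -c` accepts), hashes each listed file in a directory, and reports `ok`, `mismatch` or `missing` per file. The archive names and the checksum lines in `demo()` are constructed stand-ins, and the checksum file layout is an assumption you should confirm against the actual file Aqua publishes.

```python
import hashlib
import os
import tempfile


def parse_checksums(text: str) -> dict[str, str]:
    """Parse sha256sum-format lines ('<64 hex>  <filename>') into {filename: digest}.
    Assumed format of the release checksum file; confirm against the real one."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")   # sha256sum separates with two spaces
        name = name.lstrip("*")                   # '*' marks binary mode in some outputs
        digest = digest.lower()
        if len(digest) != 64 or not name or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed checksum line: {line!r}")
        sums[name] = digest
    return sums


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_files(checksum_text: str, directory: str) -> dict[str, str]:
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every file the checksum
    file lists. A 'missing' entry is not a failure by itself (you may have downloaded
    only one platform's archive); a 'mismatch' means do not run that binary."""
    results = {}
    for name, expected in parse_checksums(checksum_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo() -> dict[str, str]:
    """Constructed demonstration: one intact archive, one tampered, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "trivy_0.50.1_Linux-64bit.tar.gz")
        with open(good, "wb") as f:
            f.write(b"constructed stand-in for the release archive\n")
        tampered = os.path.join(d, "trivy_0.50.1_Linux-ARM64.tar.gz")
        with open(tampered, "wb") as f:
            f.write(b"content that differs from what the checksum file lists\n")
        # Constructed checksum file: the first digest is computed from the intact file,
        # the other two are placeholders that cannot match anything real.
        checksum_text = (
            f"{sha256_of(good)}  trivy_0.50.1_Linux-64bit.tar.gz\n"
            f"{'0' * 64}  trivy_0.50.1_Linux-ARM64.tar.gz\n"
            f"{'1' * 64}  trivy_0.50.1_macOS-64bit.tar.gz\n"
        )
        return verify_files(checksum_text, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:<9} {name}")
```

Point `verify_files` at the directory holding the downloaded archive and the checksum file fetched from Aqua's release page (over a channel you trust, not from the same mirror as the binary); a checksum file that ships beside a tampered binary can itself be tampered, which is why the page also recommends signatures where they are provided.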
Step 3: Rotate All Credentials
Because the attackers used stolen credentials to force-push, assume that any tokens or secrets exposed to your CI/CD environment — including those used by Trivy — are compromised. Rotation is critical:
- Revoke and regenerate GitHub personal access tokens, deploy keys, and OAuth apps.
- Update any API keys stored in repository secrets (e.g., for registries, cloud providers).
- Enable two-factor authentication on all accounts with write access to your repositories.
Step 4: Remove or Quarantine Potentially Malicious Builds
If your CI/CD pipeline ran after the malicious tags were force-pushed (early Thursday, in the incident timeline), those builds may have executed the attackers' code and pulled in compromised dependencies. Take these actions:
- Identify all pipeline runs triggered between the attack window and your discovery.
- Roll back any deployments that used those builds.
- Re-run security scans using trusted tools on any artifacts generated during that period.
- Consider redeploying from a clean commit.
Step 5: Update to a Clean Version
Aqua Security publishes cleaned releases and guidance through its official channels; obtain the latest trusted release from there rather than from a cache or mirror that may still hold the tampered tags. When updating:

- Pin to an immutable reference: a full commit SHA for GitHub Actions, or an image digest for containers, rather than `@latest`, `@v*` or a bare version tag. The attackers moved existing tags, so a tag alone does not guarantee you get the release you verified.
- Verify the integrity of the update using the cryptographic signatures or checksums provided by Aqua Security.
- Test the update in an isolated environment before rolling out to production.
Step 6: Harden Your CI/CD Pipelines Against Future Attacks
Supply chain attacks like this one can be mitigated with better security practices. Implement the following measures:
- Branch and tag protection rules: Require signed commits and pull request reviews before merging. Disable force pushes on important branches, and protect release tags as well, since this attack moved tags rather than branches.
- Use immutable references: Instead of `v1` tags, pin third-party actions to full commit hashes and images to verifiable digests.
- Monitor for anomalous git activity: Set up alerts for forced pushes or tags whose target commit changes.
- Audit third-party tools regularly: Subscribe to security advisories for tools like Trivy and review their changelogs.
- Assume breach posture: Always rotate credentials after any security incident and log all pipeline actions.
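The "tags whose target commit changes" check from the monitoring item above, as an added example (not code from the original page or from Aqua Security). It parses `git ls-remote --tags` output, which lists one `<sha>\t<ref>` line per tag plus a peeled `refs/tags/<name>^{}` line for annotated tags, and compares the result with a baseline of tag-to-commit mappings you recorded when you pinned. Because a workflow checks out the commit, not the tag object, the peeled SHA is the one that matters. The `ls-remote` output and baseline below are constructed, with placeholder SHAs.

```python
# Constructed baseline: the commits each tag pointed to when you pinned them.
# SHAs are placeholders, not real commits.
BASELINE = {
    "v0.28.0": "a" * 40,
    "v0.29.0": "b" * 40,
    "0.28.0": "a" * 40,
}

# Constructed `git ls-remote --tags <url>` output. v0.28.0 is an annotated tag
# whose peeled commit has moved to 'c'*40; v0.29.0 is unchanged; 0.28.0 is gone.
SAMPLE_LS_REMOTE = (
    f"{'d' * 40}\trefs/tags/v0.28.0\n"        # the annotated tag object itself
    f"{'c' * 40}\trefs/tags/v0.28.0^{{}}\n"   # peeled: the commit a checkout gets
    f"{'b' * 40}\trefs/tags/v0.29.0\n"        # lightweight tag, points straight at a commit
)


def parse_ls_remote_tags(output: str) -> dict[str, str]:
    """Map tag name -> commit SHA from `git ls-remote --tags` output.
    Annotated tags appear twice (tag object and '^{}' peeled commit); the peeled
    line wins because that is the commit a workflow actually checks out."""
    tags, peeled = {}, {}
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split("\t", 1)
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            peeled[name[:-3]] = sha
        else:
            tags[name] = sha
    tags.update(peeled)
    return tags


def detect_tag_drift(baseline: dict[str, str], current: dict[str, str]) -> dict[str, tuple]:
    """Return {tag: (recorded_sha, current_sha_or_None)} for every baseline tag
    that now points somewhere else or no longer exists. An empty dict means
    every pinned tag still resolves to the commit you verified."""
    drift = {}
    for tag, recorded in baseline.items():
        now = current.get(tag)
        if now != recorded:
            drift[tag] = (recorded, now)
    return drift


if __name__ == "__main__":
    moved = detect_tag_drift(BASELINE, parse_ls_remote_tags(SAMPLE_LS_REMOTE))
    for tag, (old, new) in moved.items():
        print(f"{tag}: {old[:12]} -> {new[:12] if new else 'DELETED'}")
```

Run this on a schedule with the real output of `git ls-remote --tags https://github.com/aquasecurity/trivy-action` (and the same for setup-trivy), alerting on any non-empty result; a tag that moves after a release is exactly the signal this incident would have produced.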
Tips
- Document every step you take for audit trails and future reference.
- Communicate the incident to your team and stakeholders promptly, but avoid spreading unconfirmed details.
- Consider pinning Docker images using both the tag and digest (e.g., `aquasec/trivy:0.50.1@sha256:abc123`).
- Run reproducible builds whenever possible to make verification easier.
- Stay updated on Aqua Security's official incident reports and patch notes.
By following these steps, you can reduce the impact of the Trivy supply chain attack and strengthen your overall security posture. Remember that vigilance and prompt action are essential in defending against evolving threats.