TECHNOLOGYglobal

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Single source

Updated 4 hours ago

First seen March 21, 2026 11:55:46

Stay on top of this story

Follow the names and topics behind it.

Add this story's key topics to your watchlist so LyscoNews can highlight related developments and future matches.

Create free account

Create a free account to sync your watchlist, saved stories, and alerts across devices.

Quick Summary

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow

Perspective lens

Deeper Analysis

All coverage links (1)

The Hacker NewsRegional / Local

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

22 hours ago