Supply Chain | Mar 23, 2026

Trivy Supply Chain Attack Targets CI/CD Secrets

Trivy open-source tool compromised to steal CI/CD secrets and cloud credentials.

Summary

A threat actor compromised the Trivy security scanning tool to inject an infostealer that targets CI/CD workflows, exfiltrating cloud credentials, SSH keys, API tokens, and other sensitive secrets. The attack leverages trust in the widely used open-source project to gain access to development infrastructure and authentication material. The compromise represents a significant supply chain risk to organizations relying on Trivy for container and artifact scanning.

Indicators of Compromise

  • malware — Trivy infostealer