https://appsec.fyi/tools.html#trivy Curated Trivy resources from appsec.fyi en-us Sun, 07 Jun 2026 04:05:35 +0000 carl@chs.us (Carl Sampson) https://www.intelligentliving.co/trivy-trusted-scanner-compromised-cicd/ https://www.intelligentliving.co/trivy-trusted-scanner-compromised-cicd/ Library for securing CI/CD pipelines against supply-chain attacks, particularly concerning the Trivy scanner compromise (CVE-2026-33634, GHSA-69fq-xp46-6×23). The library details techniques for mitigating risks associated with compromised scanning tools, including mandatory secret rotation, auditing pipeline runs, pinning GitHub Actions tags to immutable SHAs, enforcing least-privilege for runners, and increasing monitoring. It highlights how attackers exploit tag mutability and privileged scanner access to steal credentials and access cloud environments. Trivy news Sat, 18 Apr 2026 09:30:46 +0000 https://securityboulevard.com/2026/04/github-actions-supply-chain-attack-trivy-breach-workflow/ https://securityboulevard.com/2026/04/github-actions-supply-chain-attack-trivy-breach-workflow/ Library detailing the GitHub Actions supply chain attack targeting the Trivy security scanner, where attackers leveraged misconfigured workflows and compromised credentials. This campaign, initially led by Hackerbot-claw and later by the TeamPCP group, resulted in code execution, token exfiltration, malicious artifact injection into Trivy's VSCode extension, and force-pushing of version tags. The attacks later expanded to compromise NPM packages and the Checkmarx AST GitHub Action, highlighting the pervasive risks of insecure CI/CD pipelines. Trivy news Wed, 15 Apr 2026 17:05:28 +0000 https://cybersecuritynews.com/european-commission-breach-trivy/ https://cybersecuritynews.com/european-commission-breach-trivy/ Library provides specific MITRE ATT&CK techniques, including Supply Chain Compromise (T1195.002), Cloud Account Compromise (T1586.003), Valid Cloud Accounts (T1078.004), and Data from Local System (T1005), illustrating a supply chain attack on the European Commission via a compromised Trivy version. This incident, detailed by CERT-EU and involving threat actors TeamPCP and extortion group ShinyHunters, led to the exfiltration of over 340 GB of data by exploiting AWS API keys and utilizing tools like TruffleHog. Recommendations include updating Trivy, rotating secrets, restricting CI/CD access, and enabling CloudTrail logs. Trivy news Mon, 06 Apr 2026 02:05:29 +0000 https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/ https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/ Writeup detailing the European Commission's data breach, confirming over 300GB of data theft from its AWS environment. Hackers exploited an API key compromised during the TeamPCP-led supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers leveraged tools like TruffleHog to discover secrets and exfiltrate data related to 71 clients of the Europa web hosting service, with the stolen information later appearing on the ShinyHunters leak site. Trivy news Sat, 04 Apr 2026 10:45:49 +0000 https://www.infoq.com/news/2026/04/trivy-supply-chain-attack/ https://www.infoq.com/news/2026/04/trivy-supply-chain-attack/ Tool Trivy was compromised in a supply chain attack, with malicious release v0.69.4 briefly distributed, exfiltrating sensitive data and executing malicious code. Attackers leveraged compromised credentials and manipulated release processes, impacting downstream systems and related tooling like GitHub Actions. This incident highlights the vulnerability of trusted open source scanners and CI/CD pipelines, prompting calls for artifact integrity verification, credential scoping, and zero-trust principles in software supply chains. Trivy news Fri, 03 Apr 2026 12:15:55 +0000 https://www.scworld.com/brief/trivy-supply-chain-intrusion-reportedly-compromises-cisco-source-code https://www.scworld.com/brief/trivy-supply-chain-intrusion-reportedly-compromises-cisco-source-code Library for identifying and mitigating supply chain risks, highlighted by the Trivy vulnerability scanner's role in a Cisco source code compromise. This incident involved threat actors leveraging illicit GitHub Action plugins to gain access to Cisco's build environment, steal credentials, and exfiltrate AWS keys. The attack resulted in the cloning of over 300 Cisco GitHub repositories, including sensitive AI-related code and data from government agencies and financial institutions, and points to potential further compromises from related LiteLLM and Checkmarx incidents. Trivy news Thu, 02 Apr 2026 18:15:50 +0000