# Trivy Security Scanner Compromised in Supply Chain Attack Targeting Secrets

_Friday, April 10, 2026 at 12:14 AM EDT · Cybersecurity · Latest · Tier 1 — Major_

![Trivy Security Scanner Compromised in Supply Chain Attack Targeting Secrets — Primary](https://vaultproof.dev/ogimage.png)

Security researchers have detailed a supply chain attack against Trivy, a popular open-source security scanner that DevOps teams use to find vulnerabilities and misconfigurations in container images, filesystems and infrastructure code.

The attackers distributed a malicious version of the tool that harvested credentials from the secrets managers it could reach. When users ran the compromised scanner against their infrastructure, it collected authentication material from the environment and exfiltrated it to attacker-controlled servers.

Trivy, developed by Aqua Security, has become a standard component in CI/CD pipelines. The tool scans container images, filesystems and Git repositories for vulnerabilities and misconfigurations, which means it routinely runs with access to registry credentials, cloud tokens and other pipeline secrets.

The attack fits a growing trend of targeting widely used development and security tools to gain access to enterprise environments. By compromising a tool that engineers run daily, and that is expected to read secrets as part of its job, attackers can bypass perimeter defenses and harvest credentials without raising suspicion.

Organizations using Trivy should confirm that the binary or action they run is the official release (checking published checksums and release signatures rather than trusting a version string or a mutable tag), audit recent scanning activity and outbound connections from scanner hosts for signs of credential access or exfiltration, and rotate any credentials that a compromised run could have reached. More broadly, security teams should enforce signature verification and pin every tool integrated in their build pipelines to an immutable identifier, and track those tools in a software bill of materials (SBOM) so that an affected version can be located quickly.
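One concrete check behind the pinning recommendation above, as an added example that is not code from the article, from Aqua Security or from the Trivy project: a small Python audit that scans a GitHub Actions workflow for `uses:` references that point at a mutable tag or branch (such as `@v4` or `@0.28.0`) instead of a full commit SHA or a digest. A tag can be moved to new code after you have reviewed it; a 40- or 64-character commit SHA cannot. The workflow text, the action version and the commit SHA in the sample are constructed for illustration and do not describe any real release.

```python
"""Flag GitHub Actions steps whose `uses:` reference is not immutably pinned.

Added example for this article; not code from the Trivy project.
The sample workflow below is constructed and its SHA is made up.
"""
import re
from dataclasses import dataclass
from typing import Optional

# A full Git commit id: 40 hex chars (SHA-1) or 64 (SHA-256 repositories).
FULL_SHA_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")
# `uses:` lines, with optional list dash, optional quotes, ignoring trailing comments.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?")


@dataclass
class Finding:
    line_no: int
    action: str
    ref: str
    reason: str


def classify(ref_spec: str) -> Optional[str]:
    """Return why a reference is not immutably pinned, or None if it is."""
    if ref_spec.startswith("./"):
        # Local action: its code is whatever `actions/checkout` fetched, so
        # its immutability is inherited from the repository checkout itself.
        return None
    if ref_spec.startswith("docker://"):
        # Container actions are immutable only when pinned by digest.
        return None if "@sha256:" in ref_spec else "container image without @sha256: digest"
    if "@" not in ref_spec:
        return "no ref given (resolves to the default branch)"
    _, ref = ref_spec.rsplit("@", 1)
    if FULL_SHA_RE.match(ref):
        return None
    return "mutable ref (tag or branch) can be moved after review"


def audit_workflow(text: str) -> list:
    """Return a Finding for every unpinned `uses:` line in a workflow file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        spec = match.group(1)
        reason = classify(spec)
        if reason is None:
            continue
        action, sep, ref = spec.rpartition("@")
        if not sep:  # no '@' at all
            action, ref = spec, ""
        findings.append(Finding(line_no, action, ref, reason))
    return findings


# Constructed sample workflow. The version tag and the commit SHA are
# illustrative only and are not real Trivy releases.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/collect-sbom
      - uses: docker://alpine:3.19
"""


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.action}@{f.ref or '<none>'}: {f.reason}")
```

Run against the sample, the audit reports the `actions/checkout@v4`, `aquasecurity/trivy-action@0.28.0` and `docker://alpine:3.19` steps and accepts the SHA-pinned and local steps. Pinning the action's commit only fixes the action's own code: if the step downloads a scanner binary at run time, the version it fetches needs to be pinned and its checksum and signature verified as well, which is the same verification the paragraph above asks for.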

## Sources

- [Vaultproof Security](https://vaultproof.dev/blog/trivy-supply-chain-attack)

---
Canonical: https://techandbusiness.org/newswire/Ruh0gdgQ7WMe3G4XTqmf8S
Retrieved: 2026-04-21T16:33:53.055Z
Publisher: Tech & Business (techandbusiness.org)
