Aqua Security Trivy Supply Chain attack
On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy release. If your project/pipeline utilizes the Trivy ecosystem - please review your pipeline and project for the versions being used of the Trivy tool(s) and images
More information can be found https://advisories.gitlab.com/pkg/golang/github.com/aquasecurity/trivy/GHSA-69fq-xp46-6x23/
Hubbell, Harrison Taylor authored15e157a5