Security Alert: Compromised Aqua Security Trivy Action (v0.69.4 and possibly others) #22006

@mnkiefer

  • A confirmed compromise has been identified in Aqua Security’s Trivy GitHub Action (v0.69.4), with potential impact extending to additional versions.
  • Only v0.35.0 and v0.2.6 are currently verified as safe.
  • Immediate steps:
    • Stop using affected or unverified versions
    • Pin workflows to a safe version
    • Review recent pipeline runs for suspicious activity
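
One way to apply the "stop using" and "pin" steps across a repository's workflow files, as an added example that is not part of the original issue or of any Aqua Security tooling. The repository slug `aquasecurity/trivy-action`, the function names and the sample workflow are assumptions constructed for illustration; the version lists come from the alert above.

```python
import re

# Versions named in the alert above; tags are compared exactly as written there.
KNOWN_COMPROMISED = {"v0.69.4"}
VERIFIED_SAFE = {"v0.35.0", "v0.2.6"}
# Assumption: workflows reference the action by this repository slug.
ACTION = "aquasecurity/trivy-action"
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[\w.-]+/[\w.-]+)"
    r"(?:/[^@\s'\"]*)?@(?P<ref>[^\s'\"#]+)"
)
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def classify(ref):
    if ref in KNOWN_COMPROMISED:
        return "known-compromised"
    if ref in VERIFIED_SAFE:
        return "listed-safe"
    if SHA_RE.match(ref):
        # A full commit pin is immutable, but this script cannot tell which release it is.
        return "check-sha"
    return "unverified"  # branches, other tags, abbreviated SHAs

def audit_workflow(text, path="<workflow>"):
    # Returns (path, line number, ref, status) for every use of ACTION.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps do not run
        m = USES_RE.match(line)
        if m and m.group("action").lower() == ACTION:
            findings.append((path, lineno, m.group("ref"), classify(m.group("ref"))))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: aquasecurity/trivy-action@v0.69.4
  - uses: aquasecurity/trivy-action@v0.35.0
  - uses: aquasecurity/trivy-action@master
  # - uses: aquasecurity/trivy-action@v0.1.0
  - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE, ".github/workflows/scan.yml"):
        print("%s:%d  @%s  %s" % finding)
```

Anything reported as `unverified` or `check-sha` falls under "unverified versions" in the alert and should be confirmed against a listed-safe release before the workflow runs again.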
