Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Summary

Attackers have compromised the open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions. This supply chain attack potentially exposes secrets used in CI/CD workflows of thousands of projects. Developers are urged to rotate all pipeline secrets immediately if they suspect they used a compromised version.

IFF Assessment

FOE

This is bad news for defenders because a critical security tool has itself been compromised, potentially exposing sensitive credentials across a large number of pipelines.

Defender Context

This incident highlights the severe risks associated with supply chain attacks, even on security tools themselves. Defenders must remain vigilant about verifying the integrity of the software they use, especially in automated pipelines. Promptly rotating secrets after any suspected compromise is crucial to mitigate cascading breaches.
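One concrete integrity check for the pipeline case above is to make sure every third-party GitHub Action is pinned to a full commit SHA rather than a mutable tag or branch, so a compromised release cannot be silently pulled in. The checker below is an added example, not code from the page or from the Trivy project; the sample workflow and the SHA in it are constructed, and the action names are only illustrative.

```python
import re

# Matches a step reference of the form owner/repo[/path]@ref on a "uses:" line.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s"\']+)'
)
# A ref is considered immutable only if it is a full 40-hex commit SHA.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def find_unpinned_actions(workflow_text: str) -> list[tuple[str, str]]:
    """Return (action, ref) pairs whose ref is a tag or branch, not a full SHA.

    Local actions (./path) and docker:// references carry no owner/repo@ref
    shape and are therefore skipped.
    """
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        if not FULL_SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


# Constructed sample workflow: one step pinned to a (fake) SHA, two steps on
# mutable refs that a compromised upstream release could move underneath you.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master   # mutable branch ref
      - name: Run scanner
        uses: example-org/scanner-action@v1      # mutable tag ref (illustrative name)
"""

if __name__ == "__main__":
    for action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"UNPINNED: {action}@{ref}")
```

Run it over each file under `.github/workflows/` and treat any hit as a finding to fix (pin to a SHA) or to include in the scope of a secret rotation.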
