Hacker news


Trivy ecosystem supply chain briefly compromised (https://github.com)

84 points by batch12 3 days ago | 30 comments

jl6 about 19 hours ago

To be clear, this is a supply chain attack on everyone that uses Trivy, not a supply chain attack on Trivy. It was a direct attack on Trivy, exploiting components that Aqua had full control and responsibility for. The term “supply chain attack” has a connotation of “it’s not really my fault, it was my dependencies that got compromised”.

Of course, every entity is ultimately accountable for its own security, including assigning a level of trust to any dependencies, so it’s ultimately no excuse, but getting hit by a supply chain attack does evoke a little more sympathy (“at least I did my bit right”), and I feel like the ambiguous wording of the title is trying to access some of that sympathy.

Shank 1 day ago

This attack seems predicated on a prior security incident (https://socket.dev/blog/unauthorized-ai-agent-execution-code...) at Trivy where they failed to successfully remediate and contain the damage. I think at this time, Trivy should’ve undertaken a full reassessment of risks and clearly isolated credentials and reduced risk systemically. This did not happen, and the second compromise occurred.

woodruffw about 23 hours ago

I don’t think “briefly compromised” is accurate. The short span between this and the previous compromise of trivy suggests that the attacker was able to persist between their two periods of activity.

AdrienPoupa about 24 hours ago

Don't forget to pin your GitHub Actions to SHAs instead of tags, that may or may not be immutable!

feross about 12 hours ago

Lots more technical research about the actual attack and how it worked here: https://socket.dev/blog/trivy-under-attack-again-github-acti...

Disclosure: I’m the founder of Socket.

swq115 about 21 hours ago

The irony of your vulnerability scanner being the vulnerability.

duckmysick about 15 hours ago

> credential rotation was performed but was not atomic (not all credentials were revoked simultaneously).

How do you simultaneously revoke all credentials of all your accounts spanning multiple services/machines/users?

snailmailman 1 day ago

Are the spam comments all from compromised accounts, presumably compromised due to this hack?

I only clicked on a handful of accounts but several of them have plausibly real looking profiles.

MilnerRoute 1 day ago

Briefly?

"Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages"

https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...

4riel about 19 hours ago

yeah, we keep learning the same lesson: the tool that audits your supply chain is the single best target for compromising it

RS-232 1 day ago

Pretty ironic that the security tool is insecure
