The open source vulnerability scanner trivy has experienced a *second* security incident: a compromised release (v0.69.4) was published to the trivy repository.

https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release

Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity

On March 19, 2026, trivy — a widely used open source vulnerability scanner maintained by Aqua Security — experienced a second security incident. Three weeks after the hackerbot-claw incident on February 28 that resulted in a repository takeover, a new compromised release (v0.69.4) was published to the trivy repository. The original incident disclosure discussion (#10265) was also deleted during this period, and version tags on the aquasecurity/setup-trivy GitHub Action were removed. Trivy maintainers deleted the v0.69.4 tag and Homebrew downgraded to v0.69.3. The following is a factual account of what we observed through public GitHub data.

@bagder

uhhh brb i gotta check a few things in my github actions

@bagder wait.. a release tag can point to a commit NOT EVEN IN THE REPO?

... even with a warning, honestly what the f@#$

@gloriouscow on github, a repo and its forks are hosted as a single git repository, for storage reasons, then yeah, any fork commit hash IS VALID on the main repo 🤡

@rafaelmartins ... right, i forgot that salient detail.

this pretty much implies if you are calling github actions using booty-format@v4 or something, v4 is just a tag that could get rug-pulled at any point.

wonderful

@gloriouscow yep, that's why people recommend using hashes instead of these tags
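
An added example to go with the "use hashes instead of tags" advice in the reply above; it is not code from this thread, from trivy, or from any project named here. It scans GitHub Actions workflow text for `uses:` references and flags every one that is not pinned to a full 40-character commit SHA. The sample workflow and its placeholder SHA are constructed for the demonstration, not real values.

```python
import re

# Constructed sample workflow (not from the thread or any real repo). It mixes
# mutable tag references with one reference pinned to a placeholder 40-hex SHA.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run scanner
        uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # v0.2.2 (placeholder SHA)
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:latest
"""

# Matches "uses: <value>" whether or not the line starts a list item; stops at
# whitespace or a trailing "# version" comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(value):
    """Return None if the reference is immutable (or repo-local), else a reason string."""
    if value.startswith("./"):
        return None  # repo-local action, versioned with the repository itself
    if value.startswith("docker://"):
        return None if "@sha256:" in value else "container image without digest"
    if "@" not in value:
        return "no ref at all (resolves to the default branch)"
    _, ref = value.rsplit("@", 1)
    if FULL_SHA_RE.match(ref):
        return None  # full commit SHA: cannot be moved like a tag or branch
    return f"mutable ref '{ref}' (tag or branch can be moved)"


def find_unpinned(workflow_text):
    """Scan workflow YAML text line by line and list every mutable `uses:` reference.

    Returns a list of (line_number, uses_value, reason) tuples.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        reason = classify_uses(m.group(1))
        if reason:
            findings.append((lineno, m.group(1), reason))
    return findings


if __name__ == "__main__":
    for lineno, value, reason in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {value}: {reason}")
```

Run it over your own `.github/workflows/*.yml` files by passing each file's contents to `find_unpinned`. One caveat the Renovate quote further down this thread makes clear: pinning to a SHA stops a tag from being moved underneath you, but it does not stop an automated digest bump from adopting a malicious commit, so a pinned SHA still needs review (or a release cool-down) before the bump is merged.
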

@bagder who scans the scanner?

@bagder
"In this case, Renovate automatically created a PR to update the trivy-action digest, which pointed to the compromised commit"

And how long before people realize the benefit/risk ratio of using renovate for security isn't truly favorable.

@jotak @bagder to be fair, Renovate has by default a cool down period for exactly these kinds of situations..

@alessandrolai @bagder are you sure it's by default? That was not my impression; but that's indeed something wise to do.
You're talking about minimumReleaseAge, right? https://docs.renovatebot.com/key-concepts/minimum-release-age/
Minimum Release Age - Renovate Docs

Requires Renovate to wait for a specified amount of time before suggesting a dependency update.

@alessandrolai @bagder it also doesn't seem to be supported for every kind of update and manager