If your CI/CD process uses Trivy (tag:latest or v.0.69.4), please read this:

Trivy image has been compromised for around 3 hours between Thursday 19.3 and Friday 20.3. The InfoStealer scanned for CI/CD tokens, Kubernetes credentials, SSH-keys and basically everything you can get your hands on while on the CI/CD job.

There is also possibility of injecting malware into any images made through this process.

SO IF YOU ARE USING THE TRIVY IMAGE AS PART OF YOUR CI/CD, PLEASE MAKE SURE TO:

CHECK THE VERSION (LATEST OR VERSION 0.69.4)

IF USING THE VULNERABLE VERSION, CHANGE YOUR TOKENS / INFO USED IN THE PROCESS

REMAKE ANY IMAGES (IN THE CONTAINER REGISTRY, etc) WITH NON-VULNERABLE VERSIONS AND USE THEM

More informaion, see for example: https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack

D
dft

Projects with this topic

View thesis project

ttweb / thesis

Department template for thesis works (MSc/BSc) | Documentation: https://tech.utugit.fi/soft/thesis/doc/doc | Overleaf: https://tex.soft.utu.fi/

thesis template dft

6

Updated Mar 06, 2026

6 29 1 7

Updated Mar 06, 2026