Admin message

If your CI/CD process uses Trivy (tag:latest or v.0.69.4), please read this:

The Trivy image was compromised for around 3 hours between Thursday 19.3 and Friday 20.3. The InfoStealer scanned for CI/CD tokens, Kubernetes credentials, SSH keys and basically everything else it could get its hands on during the CI/CD job.

There is also a possibility that malware was injected into any images made through this process.

SO IF YOU ARE USING THE TRIVY IMAGE AS PART OF YOUR CI/CD, PLEASE MAKE SURE TO:

CHECK THE VERSION (LATEST OR VERSION 0.69.4)

IF USING THE VULNERABLE VERSION, CHANGE YOUR TOKENS / INFO USED IN THE PROCESS

REMAKE ANY IMAGES (IN THE CONTAINER REGISTRY, etc) WITH NON-VULNERABLE VERSIONS AND USE THEM

For more information, see for example: https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
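One way to do the version check above across CI configuration files, as an added example that is not part of the admin message: it flags Trivy image references that use the tags named above, including untagged references, which resolve to `latest`. The function name, status labels and sample pipeline are assumptions made for illustration.

```python
import re

# Tags named in the admin message; "v0.69.4" is an assumed alternate spelling.
AFFECTED_TAGS = {"latest", "0.69.4", "v0.69.4"}

# An image reference whose repository path ends in "trivy", with an optional
# tag and optional sha256 digest. Bare "trivy" (the CLI call) and names such
# as "trivy-action" are deliberately not matched.
IMAGE_RE = re.compile(
    r"(?P<repo>(?:[\w.-]+(?::\d+)?/)+trivy)(?![\w./-])"
    r"(?::(?P<tag>[\w$][\w.${}-]*))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)

def find_trivy_refs(text):
    """Return (line_no, reference, status) for each Trivy image reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out lines never run
            continue
        for m in IMAGE_RE.finditer(line):
            tag, digest = m.group("tag"), m.group("digest")
            if tag and "$" in tag:
                status = "unresolved-variable"  # look up the CI variable's value
            elif tag in AFFECTED_TAGS or (tag is None and digest is None):
                status = "affected-tag"         # no tag means "latest"
            elif tag is None:
                status = "check-digest"         # pinned by digest only
            else:
                status = "not-listed"
            findings.append((no, m.group(0), status))
    return findings

# Constructed sample pipeline, not taken from any real project.
SAMPLE_CI = """\
scan:
  image: aquasec/trivy:0.69.4
  script: trivy image --exit-code 1 $CI_REGISTRY_IMAGE
scan_latest:
  image:
    name: ghcr.io/aquasecurity/trivy
scan_old:
  image: registry.example.com:5000/mirror/aquasec/trivy:0.58.1
scan_var:
  image: aquasec/trivy:${TRIVY_VERSION}
# image: aquasec/trivy:latest
"""

if __name__ == "__main__":
    for finding in find_trivy_refs(SAMPLE_CI):
        print(*finding)
```

A job flagged `affected-tag` only matters if it ran during the compromise window, so compare the findings against pipeline run times before rotating tokens and rebuilding images.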

calendar

Project information

https://tt.utu.fi/rooms/?room=ag408 - Testing: https://calendar-ttweb-0caee3f907cfe6b3e1287a3c2b616be32c69ef026a4b2f5e.utugit.fi/rooms/?room=ag408

  • 53 Commits
  • 1 Branch
  • 0 Tags
  • README
  • GitLab Pages

Created on

June 20, 2024