Trivy
An open-source vulnerability scanner published by Aqua Security; its supply-chain compromise via CVE-2026-33634 in March 2026 allowed UNC6780 to steal credentials accessing Cisco GitHub repositories.
Last refreshed: 20 May 2026 · Appears in 1 active topic
If Trivy holds credentials for every pipeline it scans, is every Trivy user a downstream target?
Timeline for Trivy
UNC6780 takes Cisco AI Defense source code
Cybersecurity: Threats and DefencesWhat is Trivy and how was it hacked?
How did a Trivy vulnerability lead to the Cisco hack?
Should I stop using Trivy after the supply-chain attack?
Background
Trivy is an open-source vulnerability and configuration scanner published by Aqua Security. It scans container images, filesystems, and code repositories for known CVEs, misconfigurations, and secrets, and is widely deployed in enterprise and cloud-native CI/CD pipelines as a standard security gate. Its position in CI/CD pipelines means Trivy typically holds or processes the credentials, tokens, and secrets used by the pipelines it audits.
In March 2026 a supply-chain vulnerability in Trivy, designated CVE-2026-33634, allowed UNC6780 (TeamPCP) to compromise Trivy's pipeline integrations and harvest the GitHub tokens and AWS keys of downstream pipeline users. Those credentials were exfiltrated via the SANDCLOCK credential stealer and subsequently used to clone over 300 private Cisco GitHub repositories, including the source code of Cisco AI Defense and Cisco AI Assistant. Trivy's role as a Universal scanner made it a force-multiplier target: one compromise of the scanner yielded credentials across all projects that trusted it.
The Trivy incident illustrates the structural concentration risk of Universal CI/CD tooling. Unlike targeted developer endpoint attacks, compromising a scanner that audits hundreds of pipelines yields credentials across all of them. For the open-source security community, it raises the question of whether open-source security tooling itself requires the kind of supply-chain security controls, Software Bills of Materials, signed releases, and mandatory security audits, that it is designed to enforce on other software.