Defending Yourself From the Trivy CI/CD Compromise: How to Check Your Exposure and Respond

BoostSecurity.io

Over the past few years, Boost Security’s research team at Boost Labs has been deeply curious about how attackers might pivot from traditional application vulnerabilities to exploiting the CI/CD machinery itself. The team has spent extensive time studying "Living Off The Pipeline" (LOTP) techniques, mapping out how build tools, runner memory, and service accounts can be manipulated to turn the software factory against itself.

On March 19, 2026, the industry witnessed a complex, real-world execution of these exact concepts when Aqua Security’s Trivy (a widely used and highly respected open-source vulnerability scanner) was compromised.

The widespread adoption of Trivy, combined with the sophisticated tradecraft deployed, makes this a fascinating case study. The threat actors executed the attack by force-pushing 75 out of 76 version tags on the trivy-action repository. Concurrently, they used a clever imposter commit on the actions/checkout step to silently pull down backdoored Go source files from a typosquatted domain.

In organizations using these workflows, automated CI/CD systems pulled down an infostealer payload designed to harvest cloud credentials, SSH keys, and Kubernetes tokens directly from the runner's memory. All of this occurred while blending seamlessly into the normal output of a busy pipeline.

From Research to Reality

When the Boost Labs team reviewed archival scans using the open-source CI/CD scanner poutine, they noticed the underlying workflow configurations that made this possible were visible months ago. Observing these configurations serves as a sobering validation that the theoretical supply chain attack paths the security community has been researching are actively being operationalized.

The leap from research to a live, multi-channel supply chain compromise means security programs must respond with precision. Because the attackers used tag poisoning (rewriting trusted, existing tags like v0.2.1), relying on version numbers or standard SCA scans will leave significant blind spots.

What You Need to Do Right Now

Organizations running pipelines that use trivy-action or pulled Trivy binaries during the March 19 exposure window need to move quickly to audit their exposure and lock down their runners.

Teams must verify the specific commit SHAs their pipelines executed, audit runner memory exposure, and rotate any secrets accessible to those jobs. To help navigate this process without the guesswork, Boost Security's threat researchers have published a comprehensive, step-by-step incident response guide based on active threat hunting and analysis.

Read the Full Playbook: Aqua Security Trivy Supply Chain Compromise Incident Response Guide

Inside the tactical guide, readers will find:

  • The exact exposure windows and Indicators of Compromise (IoCs) to look for.

  • Instructions to audit GitHub Actions runs for poisoned tags and imposter SHAs.

  • Guidance on which secrets and credentials must be considered compromised and rotated.

  • Actionable advice on hardening pipelines moving forward (such as pinning actions by full SHA and minimizing service account scopes).
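
As an added illustration of the SHA-pinning advice above (not code from Boost Security's guide), this Python sketch audits a workflow file for `uses:` references that are mutable tags or branches, and for full-SHA pins nobody has confirmed against the upstream repository, since an imposter commit is also a 40-hex SHA. The `reviewed_shas` allowlist format, the sample workflow and its placeholder SHAs are assumptions constructed for this example.

```python
import re

# Matches "uses: owner/repo[/path]@ref" in a workflow step or reusable-workflow job.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, reviewed_shas=None):
    """Return (line_no, action, ref, finding) for every risky `uses:` reference.

    reviewed_shas: {"owner/repo": {sha, ...}} of commits a human confirmed
    exist in the upstream repository itself (hypothetical allowlist format).
    """
    reviewed_shas = reviewed_shas or {}
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, ref = target.partition("@")
        repo = "/".join(action.split("/")[:2])  # strip any sub-path
        if not FULL_SHA_RE.match(ref):
            # Tags and branches are mutable: a force-push changes what runs.
            findings.append((line_no, action, ref, "mutable-ref"))
        elif ref not in reviewed_shas.get(repo, set()):
            # A 40-hex pin can still point at a commit from a fork (imposter commit).
            findings.append((line_no, action, ref, "unreviewed-sha"))
    return findings


# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      - uses: aquasecurity/trivy-action@v0.2.1
      - uses: aquasecurity/trivy-action@bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb  # v0.2.1
      - uses: ./.github/actions/local
"""
REVIEWED = {"aquasecurity/trivy-action": {"b" * 40}}

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE, REVIEWED):
        print(finding)
```

This checks what a workflow file declares today; which commit a past run actually executed still has to be read from that run's logs.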

The Boost Labs team will continue to update these findings while analyzing the attack path alongside the rest of the security community. Review the guide for the most up-to-date remediation steps to secure your software factory.
