Trivy supply-chain compromise: the year's pivot point

TeamPCP takes over the aqua-bot service account, force-pushes malicious commits onto 76 of 77 trivy-action tags plus the scanner binary and Docker Hub images.

An incomplete credential rotation let TeamPCP take over the aqua-bot service account and force-push malicious commits onto 76 of 77 tags in trivy-action, as well as replace the scanner binary and the Docker Hub images. Trivy runs inside CI with access to pipeline secrets by design, so the harvest handed the attackers cloud credentials, SSH keys, and Kubernetes tokens from thousands of downstream pipelines. Because most consumers referenced the action by a mutable tag rather than a commit SHA, moving the tags was enough to put the malicious commit into every pipeline that pulled it.
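The practical check that follows from this finding is whether a workflow references actions by a mutable tag or branch (which the owner of the action's repository can move) or by a full-length commit SHA (which cannot be rewritten in place). The script below scans GitHub Actions workflow text for `uses:` lines and reports any reference that is not a 40-hex SHA. It is an added example written for this page, not code from the Trivy project or from the original finding; the workflow it scans is constructed for the example, and the SHA in it is a placeholder, not a real commit.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example for this page; not code from the Trivy project or the original finding.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A full-length commit SHA is the only immutable reference GitHub offers for an
# action. Tags and branches can be moved (force-pushed) by anyone holding write
# access to the action's repository, which is exactly what happened to trivy-action.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches `uses:` at any indentation, with or without a leading list dash and
# optional quotes; the capture stops at whitespace, quotes, or a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*[\"']?([^\s\"'#]+)")


@dataclass
class UsesRef:
    line: int
    action: str   # e.g. "aquasecurity/trivy-action"
    ref: str      # e.g. "master", a version tag, or a 40-hex SHA
    pinned: bool  # True only when ref is a full-length commit SHA


def parse_uses_line(line_no: int, line: str) -> Optional[UsesRef]:
    """Parse one workflow line; return None if it is not a pinnable `uses:` reference."""
    m = USES_RE.match(line)
    if not m:
        return None
    target = m.group(1)
    # Local actions (./path) and docker:// images are outside the git-ref pinning
    # model, so they are skipped here rather than misreported as unpinned.
    if target.startswith("./") or target.startswith("docker://"):
        return None
    if "@" not in target:
        # No ref at all; GitHub rejects this, but treat it as unpinned regardless.
        return UsesRef(line_no, target, "", False)
    action, ref = target.rsplit("@", 1)
    return UsesRef(line_no, action, ref, bool(FULL_SHA_RE.match(ref)))


def find_unpinned(workflow_text: str) -> List[UsesRef]:
    """Return every `uses:` reference in the workflow that is not pinned to a full SHA."""
    findings = []
    for n, raw in enumerate(workflow_text.splitlines(), start=1):
        ref = parse_uses_line(n, raw)
        if ref is not None and not ref.pinned:
            findings.append(ref)
    return findings


# Constructed sample workflow for this example; the SHA below is a placeholder,
# not a real actions/checkout commit, and no pipeline actually uses this file.
SAMPLE_WORKFLOW = """\
# Constructed sample workflow for this example; not a real pipeline.
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3
"""


if __name__ == "__main__":
    for f in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref or '<no ref>'} is not pinned to a commit SHA")
```

On the constructed workflow this reports the `aquasecurity/trivy-action@master` step and nothing else. One caveat a practitioner should keep in mind: SHA pinning fixes which copy of the action's source runs, but it does not cover artifacts the action fetches at run time. The finding above notes that the scanner binary and the Docker Hub images were replaced as well, so pinning the action is necessary but not sufficient; the binaries and images a pipeline pulls need their own digest pinning or signature verification.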