Sign up for free Chainguard Libraries & Actions

Impacted by the Trivy supply chain attack? Prevent the next attack by switching to Chainguard Libraries and Actions for free today.

On March 19, 2026, attackers used stolen credentials to publish malicious versions of Trivy GitHub Actions, turning every CI/CD pipeline that used trivy-action or setup-trivy into a credential harvester. If you ran a Trivy scan between March 19 and 22, you should treat all of your GitHub, cloud service provider, Kubernetes, and crypto keys as exposed and rotate them immediately.

The blast radius of this attack is still expanding. On March 24, the same attackers breached litellm, a Python dependency with 97M+ monthly downloads, all because the maintainers used Trivy in their CI/CD pipeline. We expect more organizations and open source projects to be impacted in the coming weeks and months as more private keys are stolen and exploited.


To help teams get protected now, we're offering three free months of Chainguard Libraries and Actions (waitlist may apply) to new Chainguard sign-ups, with no paid commitment required. This offer is available until May 31, 2026. Sign up below to get started.