Trivy ecosystem supply chain temporarily compromised (github.com)

by batch12 37 comments 102 points
Read article View on HN

37 comments

[−] jl6 55d ago
To be clear, this is a supply chain attack on everyone that uses Trivy, not a supply chain attack on Trivy. It was a direct attack on Trivy, exploiting components that Aqua had full control and responsibility for. The term “supply chain attack” has a connotation of “it’s not really my fault, it was my dependencies that got compromised”.

Of course, every entity is ultimately accountable for its own security, including assigning a level of trust to any dependencies, so it’s ultimately no excuse, but getting hit by a supply chain attack does evoke a little more sympathy (“at least I did my bit right”), and I feel like the ambiguous wording of the title is trying to access some of that sympathy.

[−] dec0dedab0de 54d ago
The term “supply chain attack” has a connotation of “it’s not really my fault, it was my dependencies that got compromised”.

In my experience that is definitely not true, and I've never heard anyone use it that way. Even though you are correct in who the target was.

[−] BrandoElFollito 54d ago
A supply chain attack is an attack on a provider of a solution that is then deployed further. The issue with a supply chain attack is that the ultimate victim brings in trusted software that was compromised upstream.
[−] Shank 55d ago
This attack seems predicated on a prior security incident (https://socket.dev/blog/unauthorized-ai-agent-execution-code...) at Trivy where they failed to successfully remediate and contain the damage. I think at this time, Trivy should’ve undertaken a full reassessment of risks and clearly isolated credentials and reduced risk systemically. This did not happen, and the second compromise occurred.
[−] NewJazz 55d ago
They did a lot of what you describe, although perhaps not well enough.
[−] MilnerRoute 55d ago
Briefly?

"Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages"

https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...

[−] woodruffw 55d ago
I don’t think “briefly compromised” is accurate. The short span between this and the previous compromise of trivy suggests that the attacker was able to persist between their two periods of activity.
[−] AdrienPoupa 55d ago
Don't forget to pin your GitHub Actions to SHAs instead of tags, that may or may not be immutable!
[−] feross 55d ago
Lots more technical research about the actual attack and how it worked here: https://socket.dev/blog/trivy-under-attack-again-github-acti...

Disclosure: I’m the founder of Socket.

[−] snailmailman 55d ago
Are the spam comments all from compromised accounts, presumably compromised due to this hack?

I only clicked on a handful of accounts but several of them have plausibly real looking profiles.

[−] philipwhiuk 54d ago
Sounds like Trivy is still compromised:

https://www.aquasec.com/blog/trivy-supply-chain-attack-what-...