Healthcare technology is built on trust. Hospital systems trust that the software you ship to manage patient data, clinical workflows, and connected devices is safe. That trust is only as strong as the security of the tools you use to build it.

Last week, that trust was tested.

A sophisticated supply chain attack hit Trivy, Aqua Security's widely adopted open-source vulnerability scanner, last week. The ripple effects are still spreading. As of today, over 1,000 organizations' cloud environments have been confirmed infected, with that number expected to grow significantly in the coming days.

It's one of the most consequential DevSecOps supply chain incidents in recent memory, illustrating a risk that doesn't get discussed enough: what happens when your security tooling becomes the attack surface?

What Happened

The attack unfolded in two stages.

Stage One

In late February 2026, attackers exploited a misconfiguration in Trivy's GitHub Actions environment, extracting a privileged access token and establishing a foothold into repository automation and release processes. Aqua Security rotated credentials in response, but the process wasn't fully atomic, and attackers may have retained access to refreshed tokens during the transition.

Stage Two

On March 19, the second stage hit. A compromised credential was used to publish malicious releases of Trivy, trivy-action, and setup-trivy. An attacker force-pushed 76 out of 77 version tags in the aquasecurity/trivy-action repository, modifying them to serve a malicious payload that turned trusted version references into a distribution mechanism for an infostealer.

The payload executed within GitHub Actions runners before the real scanner ran, targeting sensitive data in CI/CD environments: dumping runner process memory to extract secrets, harvesting SSH (Secure Shell) keys, and exfiltrating credentials for AWS (Amazon Web Services), GCP (Google Cloud Platform), and Azure, as well as Kubernetes service account tokens.

Because the malicious code ran silently before the real scanner, workflows appeared to complete normally, making detection extremely difficult without dedicated runtime monitoring.

The attack didn't stop there. Stolen credentials were subsequently used to compromise dozens of npm packages and distribute a self-propagating worm called CanisterWorm. Attackers also defaced all 44 internal repositories in Aqua Security's GitHub organization, renaming each with a "tpcp-docs-" prefix and exposing internal source code, CI/CD pipelines, and team knowledge bases.

A tool purpose-built to find vulnerabilities became the vulnerability.

Why the Pipeline Is a High-Value Target

The Trivy incident is a story about structural risk, not a bad actor getting lucky.

When a security tool runs inside your CI/CD pipeline, it operates with elevated trust. It has access to secrets, tokens, cloud credentials, and anything else the runner can touch. If an action's code is modified, whether by its maintainers or by someone who gained write access, every pipeline that references it will trust and execute the new code on its next run, with full access to that pipeline's secrets, credentials, and infrastructure.

That is how the design works. And it's exactly what makes pipeline-resident tooling such a compelling target.

The attacker force-pushed existing tags to new malicious commits, so any GitHub Actions workflow referencing a tag like aquasecurity/trivy-action@v0.x.x automatically resolved to attacker code without any change in the workflow file itself. From the outside, nothing looked different.
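The check below is an added example, not code from Aqua Security or TripleKey. It flags `uses:` references that a force-push can repoint, treating only a full 40-character commit SHA or an image digest as immutable. The sample workflow, the `example-org/example-action` name, and its SHA are constructed placeholders.

```python
import re

# Captures the value of a step's `uses:` key (optional quotes, trailing comment ignored).
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample workflow; the example-org action and its SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@v0.x.x
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: ./.github/actions/local-lint
      - name: image step
        uses: docker://alpine:3.20
"""


def classify_ref(uses_value):
    """Classify one `uses:` value by whether its ref can be silently repointed."""
    if uses_value.startswith("./"):
        return "local"  # action comes from the repository's own checkout
    if uses_value.startswith("docker://"):
        # An image reference is immutable only when pinned by digest.
        return "pinned" if "@sha256:" in uses_value else "mutable"
    _, _, ref = uses_value.partition("@")
    # Tags and branches can be force-pushed; a full commit SHA cannot be moved.
    return "pinned" if FULL_SHA_RE.fullmatch(ref) else "mutable"


def audit_workflow(text):
    """Return (line_number, uses_value, classification) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify_ref(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, value, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno:>2}: {kind:<7} {value}")
```

Run over every file under `.github/workflows/`, the `mutable` rows are the references that would have resolved to new code after a tag was force-pushed.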

In healthcare technology, those secrets unlock access to EHR integrations, HL7 interfaces, cloud-hosted PHI, and the hospital systems you serve. Your CI/CD pipeline has become one of the highest-value targets an attacker can pursue because every developer on your team implicitly trusts it. The Trivy breach illustrates the core problem: developer tools and security tools that live inside your pipeline inherit the pipeline's trust and the pipeline's blast radius. When they're compromised, everything downstream is compromised with them.

This Wasn't a Zero-Day

The Trivy breach succeeded because of a trust and process problem.

The attack began when an autonomous bot exploited a misconfigured GitHub Actions workflow to steal a privileged Personal Access Token. Using that credential, attackers seized control of the repository and ultimately force-pushed 76 out of 77 version tags in the trivy-action repository, effectively turning trusted version references into a distribution mechanism for an infostealer.

The lesson here is that incomplete cleanup turns one breach into a campaign. The compromised credentials were retained from an earlier breach, and a rotation process that did not fully sever access provided the opening for everything that followed.

This is the nature of pipeline-resident tooling. One incomplete remediation, one stale token, or one trusted action causes the whole chain to unravel.

For healthcare tech firms operating under HIPAA, SOC 2, and the scrutiny of hospital security teams, this is a demonstrated attack pattern that is actively expanding. By March 24, the same campaign had moved to PyPI, poisoning LiteLLM packages with the same infostealer malware, and then targeted the Checkmarx KICS scanner.

The attackers aren't stopping at Trivy. They're following the tools.

How TripleKey Is Different

This is the architectural decision TripleKey made differently.

TripleKey connects to your repositories through a read-only token and monitors your dependency graph continuously, without running inside your build process, without touching your GitHub Actions workflows, and without executing code in your CI/CD runners. Our analysis happens out-of-band, which means we're never in a position to be weaponized the way Trivy was.

Architecture is the foundation. TripleKey's patented process layers additional security controls on top of that foundation, ensuring that the way we access, analyze, and surface dependency risk is protected not just by design, but by an approach the industry hasn't seen before. Good intentions aren't enough. The mechanics of how a tool operates have to be held to the same standard as the risks it's meant to surface.

When we designed TripleKey's integration model, we asked a simple question: what's the minimum level of access needed to give teams accurate, continuous dependency visibility? The answer was read-only access. This is an architectural constraint we've deliberately built in with a patented process we stand behind.

This matters for three reasons.

1. Private and secure. Because TripleKey doesn't execute in your pipeline, a compromise of TripleKey couldn't be used to steal your CI/CD secrets, exfiltrate cloud credentials, or propagate malware into downstream environments.

2. You don't have to trust us with runtime access. Read-only token access means you can scope our permissions tightly and audit them easily. There's no service account with write access, no bot with elevated pipeline privileges.

3. Your pipeline stays yours. The Trivy breach spread because the tool was deeply embedded in thousands of automated workflows. A read-only, out-of-band approach keeps the blast radius of any potential issue contained.

If your team builds software for hospital systems, the exposure calculus here is broader than your own environment.

This incident is also a good moment to audit every tool running inside your pipeline and ask: does this tool need this level of access? In many cases, the answer is no. If you are affected by the breach or rethinking your security posture, TripleKey is happy to help. There’s no better time to see what continuous, out-of-band visibility looks like in practice.

What This Means for Your Customers' Trust

Hospital systems are under extraordinary pressure from regulators, insurers, and their own security teams to validate the security of every vendor in their supply chain. When they ask about your software development security controls, they are increasingly sophisticated enough to ask where those controls operate.

A vendor whose security scanning tooling can be turned into a credential harvester is a vendor who introduces supply chain risk, regardless of intent. The Trivy breach is the kind of incident your hospital customers' security teams are reading about right now and translating directly into vendor questionnaire updates.

The firms that get ahead of this moment are the ones who can demonstrate that their dependency visibility and risk monitoring architecture is designed for this threat environment.

The Trivy attack is a serious incident. We have immense respect for the researchers who detected it quickly and the teams scrambling to contain it. But it's also a useful reminder of why the architecture of security tooling matters, and not just its capabilities.

Health systems today are asking harder questions about software supply chain security. And the answer "our security tooling lives in our pipeline" is no longer a comfortable one. TripleKey was built to be useful without being embedded, and it is protected by a patented process that goes further than architecture alone.
