    Security Status Report: Trivy v0.69.4 Compromise

    Severity: Critical (upstream supply chain compromise)
    Status: Monitoring

    What Happened

    On March 19, 2026, a threat actor used a previously stolen service account credential to publish a backdoored Trivy release, v0.69.4. The actor distributed malicious binaries through GitHub Releases, Homebrew, and AWS ECR, and rewrote 75 of 76 version tags on the trivy-action GitHub Action, so workflows that reference the action by tag rather than by commit SHA could have pulled the attacker's code.

    The payload functions as an infostealer, targeting CI runner memory, SSH keys, and cloud credentials (AWS, GCP, Azure, and Kubernetes service account tokens). This is the second significant Trivy supply chain compromise in less than a month, and it escalates both the sophistication and the reach of the first. Full technical details have been published by Boost Security Labs.

    The poisoned release (v0.69.4) has since been removed upstream. The known-safe version is v0.69.3. Removal upstream does not clean up copies already downloaded to CI runners, developer machines, or package caches, so check those separately.

    Impact on Qlty Customers

    Qlty supports Trivy as an optional plugin. We have assessed our exposure across two customer segments:

    Qlty Cloud Customers — Not Impacted

    We queried all recorded Trivy plugin invocations across Qlty Cloud and found zero executions of v0.69.4. Qlty Cloud customers were not impacted by this compromise.

    CLI-Only Customers — Likely Not Impacted

    Qlty does not automatically pull new plugin releases. Customers who have enabled the Trivy plugin without customizing its version are running v0.69.2 — which predates the compromised release and is unaffected.

    However, Qlty's plugin system allows version overrides in your .qlty/qlty.toml file. If you manually specified v0.69.4 as your Trivy version, Qlty would have downloaded and executed the compromised binary. If you are a CLI-only user and are unsure whether you overrode this version, check your .qlty/qlty.toml now. If you find that override, treat every credential reachable from the environment that ran Qlty (SSH keys, cloud provider credentials, Kubernetes tokens, CI secrets) as compromised and rotate it.
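    As an added example (not Qlty's own code, and not part of the original notice), the shell script below audits a repository checkout for the two exposures described above: a .qlty/qlty.toml override that pins Trivy to v0.69.4, and workflow references to the trivy-action by mutable tag, which the rewritten tags make unsafe. It assumes the override is written as a `version = "..."` key inside the `[[plugin]]` block and that workflows live under .github/workflows; the sample config and workflow it scans are constructed inline.

```shell
#!/usr/bin/env sh
# Added example (not Qlty's tooling): audit a checkout for exposure to the
# poisoned Trivy v0.69.4 release. Two checks:
#   1. a .qlty/qlty.toml override pinning the trivy plugin to 0.69.4
#   2. workflow references to aquasecurity/trivy-action by mutable tag
#      (the actor rewrote existing tags on that action)
# Assumptions not stated in the notice: the override uses a `version = "..."`
# key inside the [[plugin]] block, and workflows live in .github/workflows.

# Constructed sample checkout with both findings present.
SAMPLE_DIR="$(mktemp -d)"
mkdir -p "$SAMPLE_DIR/.qlty" "$SAMPLE_DIR/.github/workflows"
cat > "$SAMPLE_DIR/.qlty/qlty.toml" <<'EOF'
[[plugin]]
name = "shellcheck"

[[plugin]]
name = "trivy"
version = "0.69.4"
EOF
cat > "$SAMPLE_DIR/.github/workflows/scan.yml" <<'EOF'
jobs:
  scan:
    steps:
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@v0.28.0
      # placeholder 40-hex SHA, not a real trivy-action commit
      - uses: aquasecurity/trivy-action@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
EOF

# Print the trivy plugin's version override from a qlty.toml, or nothing if
# the plugin block carries no override (Qlty then uses its built-in default).
trivy_override_version() {
  awk '
    function flush() {
      if (name == "trivy" && version != "") print version
      name = ""; version = ""
    }
    /^\[\[plugin\]\]/ { flush(); next }
    /^name[ \t]*=/    { l = $0; gsub(/[" \t]/, "", l); split(l, kv, "="); name = kv[2]; next }
    /^version[ \t]*=/ { l = $0; gsub(/[" \t]/, "", l); split(l, kv, "="); version = kv[2]; next }
    END { flush() }
  ' "$1"
}

# List trivy-action references in workflow files that are not pinned to a
# full 40-hex commit SHA. Tags are mutable and were rewritten in this incident.
unpinned_trivy_action_refs() {
  grep -rhoE 'aquasecurity/trivy-action@[^[:space:]]+' "$1/.github/workflows" 2>/dev/null \
    | grep -vE '@[0-9a-f]{40}$' || true
}

# Run both checks against a checkout; return 0 if clean, 1 if anything was found.
audit_repo() {
  dir="$1"; found=0; toml="$dir/.qlty/qlty.toml"
  if [ -f "$toml" ]; then
    v="$(trivy_override_version "$toml")"
    if [ "$v" = "0.69.4" ]; then
      echo "EXPOSED: $toml pins trivy to the poisoned release 0.69.4; rotate credentials reachable from that environment"
      found=1
    elif [ -n "$v" ]; then
      echo "note: $toml overrides trivy to $v"
    fi
  fi
  for ref in $(unpinned_trivy_action_refs "$dir"); do
    echo "WARN: $ref references trivy-action by mutable tag; verify the tag and pin to a commit SHA"
    found=1
  done
  return $found
}

audit_repo "$SAMPLE_DIR" || echo "findings reported above for $SAMPLE_DIR"
```

    Run `audit_repo` against each checkout on a runner or workstation; the script only reads files and makes no network calls. It does not inspect binaries installed outside Qlty (Homebrew, GitHub Releases, ECR images), so on hosts where Trivy was installed by other means also run `trivy --version` and compare against the known-safe v0.69.3.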

    What We're Doing

    After the first Trivy compromise, we removed Trivy from Qlty's recommended plugins during onboarding. Given this repeated pattern, and given that a supply chain compromise of this nature can be the leading edge of a broader attack campaign, we believe the responsible path forward is to recommend disabling the plugin. As with any static analysis tool, users are ultimately responsible for choosing which tools to run in their environment. Qlty operates under a shared responsibility model, and we want to give you the information you need to make that call.

    Recommended Action

    To disable the Trivy plugin, remove the Trivy entry from the [plugin] section of your .qlty/qlty.toml file:

        # Remove or comment out the following block:
        [[plugin]]
        name = "trivy"

    We will communicate when we are confident it is safe to re-enable Trivy.

    Questions

    If you have questions about your specific environment or believe you may have been impacted, please reach out to us at support@qlty.ai.
