Trivy security incident

[pjungermann]

Trivy was attacked. The attack timeline briefly aligns with the release of version v9.4.0.

As part of the attack, Trivy releases were deleted - after the megalinter v9.4.0. The attack started before the release.

Here is a simplified timeline:

Time (UTC)	Event
Feb 27, 00:18	PR #10252 created and immediately closed, triggering CI
Feb 27, 12:01	Unauthorized API activity begins using compromised PAT
Feb 27, 12:36	Malicious security advisory created in trivy-vscode-extension
Feb 28, 03:17	hackerbot-claw PR created and closed
Mar 1, 00:14	Mass deletion of releases via script
Mar 1, 00:27	Repository renamed, fake repository created

Details:
https://github.com/aquasecurity/trivy/discussions/10265

Based on the shared timeline, the megalinter v9.4.0 is likely not affected. I didn't dig deeper into it.

Trivy plans to restore releases, etc.

The goal of this issue is to create awareness. It might be good to check the next update more closely.

[nvuillam]

@pjungermann thanks for sharing :)

I've followed the issue (i wondered by the beta version wouldn' build 😆

I have the same conclusion than you, the only rotten artifact that the hacker bot published was on their vscode extension

And indeed v9.4.0 has been released after Aqua team fixed everything :)

[pjungermann]

@nvuillam There was a follow-up attack on Trivy yesterday: aquasecurity/trivy#10425

[vonbraunbates]

Looks like there has been another compromise (this issue was only opened today): aquasecurity/trivy-action#541

I see @pjungermann beat me to it, thank you!

In practical terms, is DISABLE_LINTERS: REPOSITORY_TRIVY sufficient to remove risk while we work out which Megalinter versions are (possibly) affected?

[nvuillam]

Hmm it seems that they have many issues these times ^^

I'll have to check, but as a reminder, MegaLinter calls the linters with a limited version of environment variables

-> https://megalinter.io/latest/config-variables-security/#default-secured-variables

So if a rotten version of trivy has been called from MegaLinter, it did NOT get your env variables that contain "TOKEN" in their name, for example

[vonbraunbates]

What happens if I use SECURED_ENV_VARIABLES: (.*) in .mega-linter.yml?

The compromised trivy version scans for a wide variety of things, not just env vars. How might that complicate matters?

[pjungermann]

The compromised version is v0.69.4.

https://github.com/oxsecurity/megalinter/releases/tag/v9.4.0 uses v0.69.1

The latest update of trivy at megalinter was to v0.69.3 at commit a197c2b from PR #7364

[nvuillam]

What happens if I use SECURED_ENV_VARIABLES: (.*) in .mega-linter.yml?

The compromised trivy version scans for a wide variety of things, not just env vars. How might that complicate matters?

If a malicious script runs, there are always risks (for example they can read and send your source files somewhere else), MegaLinter tries to reduce them

[nvuillam]

The compromised version is v0.69.4.

https://github.com/oxsecurity/megalinter/releases/tag/v9.4.0 uses v0.69.1

The latest update of trivy at megalinter was to v0.69.3 at commit a197c2b from PR #7364

Means we're good except if using beta version that has been built during rotten commits ?

[vonbraunbates]

Is trivy-sbom potentially affected? It's also v0.69.1 in Megalinter, so presumably not...?

[nvuillam]

The fact that we don't release MegaLinter that often is... lucky :)

The maximum version of trivy in MegaLinter is v0.69.3, so no impact with 0.69.4

What is more boring is that we are also using github action trivy-action@master to check MegaLinter generated docker images

We removed EVERY token defined on the repository, just out of precaution, and we'll define new ones only when:

• either we'll have remove any use of trivy in the repo
• either trivy is finally trustable again

Additional info:

• Since v9, default images of MegaLinter are hosted on ghcr.io
• The release workflow is the only one who can deploy to ghcr.io and has not been run since way before the trivy issue
• Tokens related to docker hub has been deleted

So basically, using latest and beta versions of MegaLinter is safe, and before releasing anything else we'll make sure it's done with brand new security tokens

[nvuillam]

FYI, trivy has been completely removed from MegaLinter own CI (and all credentials rotated), and disabled from beta and next release

I love trivy so if it's safe again in a future version, it can be back :)

Note: i'm currently adding osv-scanner (by google) that has similar features than trivy

[nvuillam]

Also updated hidden variables to have an even bigger list

That way, even if someday one of our linters is hacked, attackers won't have your secret ENV vars :)

https://megalinter.io/beta/config-variables-security/#security-boundaries-and-threat-model