Rule Set

Current incident normalization rules

This is the machine-readable ruleset the scanner applies before showing live findings.

[
  {
    "repository": "aquasecurity/trivy-action",
    "description": "Unprefixed tags 0.0.1 through 0.34.2 were force-pushed to malicious commits.",
    "safe_reference": "0.35.0 or a restored v-prefixed tag"
  },
  {
    "repository": "aquasecurity/setup-trivy",
    "description": "Tags v0.2.0 through v0.2.6 were replaced during the incident; only v0.2.6 was restored.",
    "safe_reference": "v0.2.6"
  }
]

Disclaimer

This scanner is provided as a convenience only. Findings and enrichment are best-effort, may be incomplete, and are not a substitute for validating upstream advisories, repository history, and your own incident-response process.