github Finsys/dockhand v1.0.22

13 hours ago

THIS IS AN IMPORTANT RELEASE

On March 19, 2026, attackers compromised the official Trivy vulnerability scanner.
They force-pushed 75 out of 76 version tags in the GitHub Action repository (aquasecurity/trivy-action) to inject a credential-stealing payload executed during GitHub Actions builds.
During this time, release v0.69.4 was also published. Public GitHub data shows the v0.69.4 tag was created and then deleted by a Trivy maintainer hours later. Exposure window: 2026-03-19 18:22 – ~21:42 CET.
The full technical analysis is available at https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/.

How does this affect Dockhand?

Dockhand does not use the compromised GitHub Action, but runs Trivy as a Docker container (aquasec/trivy) with the following setup:

  • The container receives the Docker socket (to access images for scanning) and its own cache volume (for the vulnerability database)
  • No host filesystem paths are mounted into the scanner container
  • No Dockhand environment variables or credentials are passed to the scanner container
  • The container runs a single scan command and exits

The attack targeted the GitHub Action repository. There is no confirmation whether the Docker Hub container images (aquasec/trivy) were also affected.
If you ran vulnerability scans using Dockhand before version 1.0.22 during or after March 19, and the scanner image was not cached locally, the scanner may have pulled aquasec/trivy:latest, which could have pointed to a compromised image.

Starting with Dockhand 1.0.22, scanner images are pinned to verified versions (aquasec/trivy:0.69.3) and are configurable in Settings > General.
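The container setup and the version pinning described above, as an added shell example that is not Dockhand's own code: it refuses an unpinned scanner reference and composes the single-scan docker run the notes describe (socket and cache volume only, no host paths, no extra environment, --rm). The cache volume name, the function names and the DRY_RUN switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not Dockhand's own code. Runs Trivy the way the release notes
# describe: throwaway container, Docker socket + dedicated cache volume only,
# no host paths, no extra environment, scanner image pinned rather than :latest.
# Assumptions not taken from the page: the cache volume name, the function
# names and the DRY_RUN switch are this example's own.

TRIVY_IMAGE=${TRIVY_IMAGE:-aquasec/trivy:0.69.3}       # pinned version from the notes
TRIVY_CACHE_VOLUME=${TRIVY_CACHE_VOLUME:-trivy-cache}  # assumed volume name

# scanner_ref_ok REF -> 0 if REF is pinned to a version tag or a digest,
# 1 for ":latest" or a bare repository (which Docker resolves to :latest).
scanner_ref_ok() {
    case "$1" in
        *@sha256:*) return 0 ;;       # digest-pinned: immutable reference
    esac
    tag=${1##*/}                      # "trivy:0.69.3" or just "trivy"
    case "$tag" in
        *:latest) return 1 ;;         # mutable tag the notes warn about
        *:*)      return 0 ;;         # explicit version tag
        *)        return 1 ;;         # no tag at all -> implicit :latest
    esac
}

# trivy_scan TARGET -> one scan of image TARGET, then the container exits.
# With DRY_RUN set, prints the docker arguments (one per line) instead.
trivy_scan() {
    target=$1
    scanner_ref_ok "$TRIVY_IMAGE" || {
        echo "refusing unpinned scanner image: $TRIVY_IMAGE" >&2
        return 2
    }
    # Only the socket and the cache volume are mounted; no -e/--env flags,
    # so none of the caller's credentials reach the scanner container.
    set -- run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$TRIVY_CACHE_VOLUME:/root/.cache/trivy" \
        "$TRIVY_IMAGE" image --format json "$target"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        docker "$@"
    fi
}
```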

Recommended action: Upgrade Dockhand to 1.0.22 immediately if you haven't already.

We will update you if new information emerges about the Docker Hub images.

references:

aquasecurity/trivy#10425
https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/

[UPDATE]
CrowdStrike has confirmed that the Docker container image aquasec/trivy:0.69.4 was also compromised — not just the GitHub Action.
https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/

What the payload does:
The compromised Trivy binary drops a script to ~/.config/sysmon.py which sleeps for 5 minutes, then contacts a command-and-control server every 50 minutes. It acts as a stage-1 loader for further payloads.

Why Dockhand is likely unaffected:

Dockhand runs the Trivy Docker container (isolated from the host) for a single scan and exits, typically finishing in under 30 seconds to 1 minute.
The malicious payload requires a 5-minute sleep before it activates. Since the container is destroyed when the scan completes, the payload never had time to execute.

Additionally:

  • No host filesystem paths are mounted into the scanner container
  • No Dockhand environment variables or credentials are passed to it
  • CrowdStrike's analysis describes a C2 loader — no Docker socket exploitation was observed

What's new in v1.0.22

  • ✨ dashboard list view with inline search and connection filters (#740)
  • ✨ custom environment icon (#754)
  • ✨ show +N indicator for containers with multiple IP addresses (#644)
  • ✨ bundle all fonts locally for privacy and offline use (#734)
  • 🐛 respect PROXY settings when checking for container updates
  • 🐛 git stacks force-redeploy after a failed sync (#693)
  • 🐛 What's New modal shown before login, exposing version info (#717)
  • 🐛 git repository files not removed from disk on delete (#671)
  • 🐛 recursive chown at startup breaks stack volumes with different ownership (#719)
  • 🐛 missing notification event toggles for container healthy, image prune events (#659)
  • 🐛 container disappears when edit fails (e.g. invalid memory/swap) (#736)
  • 🐛 regression: network container count always shows 0 (#761)
  • 🐛 Grype/Trivy scan containers don't inherit proxy env vars (#780)
  • 🐛 pin vulnerability scanner images to specific versions not :latest

Docker image

docker pull fnsys/dockhand:v1.0.22

Also available as fnsys/dockhand:latest
