Compromised aquasecurity/trivy-action detected in GitHub Actions workflows

## Title
Compromised `aquasecurity/trivy-action` detected in GitHub Actions workflows

## Body

### Compromised `aquasecurity/trivy-action` detected in GitHub Actions workflows

Our automated platform at [StepSecurity](https://www.stepsecurity.io) has detected that this repository used a **compromised version of `aquasecurity/trivy-action`** in its GitHub Actions workflows during the recent Trivy incident.

#### What happened?

The `aquasecurity/trivy-action` GitHub Action was compromised, and a malicious version (`v0.69.4`) was published. Workflow runs in this repository executed a compromised SHA of this action, which may have exposed sensitive information such as secrets, environment variables, or build artifacts.
#### Compromised SHA detected

`aquasecurity/trivy-action@e0198fd2b6e1679e36d32933941182d9afa82f6f`

#### Affected workflow runs

| # | Workflow Run | Workflow File |
|---|-------------|---------------|
| 1 | [23308899842](https://github.com/microsoft/aspire.dev/actions/runs/23308899842) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23308899842/workflow) |
| 2 | [23308941433](https://github.com/microsoft/aspire.dev/actions/runs/23308941433) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23308941433/workflow) |
| 3 | [23310248087](https://github.com/microsoft/aspire.dev/actions/runs/23310248087) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23310248087/workflow) |
| 4 | [23310331037](https://github.com/microsoft/aspire.dev/actions/runs/23310331037) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23310331037/workflow) |
| 5 | [23311593675](https://github.com/microsoft/aspire.dev/actions/runs/23311593675) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23311593675/workflow) |
| 6 | [23313491734](https://github.com/microsoft/aspire.dev/actions/runs/23313491734) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23313491734/workflow) |
| 7 | [23314110764](https://github.com/microsoft/aspire.dev/actions/runs/23314110764) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23314110764/workflow) |
| 8 | [23315900783](https://github.com/microsoft/aspire.dev/actions/runs/23315900783) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23315900783/workflow) |
| 9 | [23320236998](https://github.com/microsoft/aspire.dev/actions/runs/23320236998) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23320236998/workflow) |
| 10 | [23324114747](https://github.com/microsoft/aspire.dev/actions/runs/23324114747) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23324114747/workflow) |
| 11 | [23324193088](https://github.com/microsoft/aspire.dev/actions/runs/23324193088) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23324193088/workflow) |
| 12 | [23324398293](https://github.com/microsoft/aspire.dev/actions/runs/23324398293) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23324398293/workflow) |
| 13 | [23325118987](https://github.com/microsoft/aspire.dev/actions/runs/23325118987) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23325118987/workflow) |
| 14 | [23326100426](https://github.com/microsoft/aspire.dev/actions/runs/23326100426) | [Workflow](https://github.com/microsoft/aspire.dev/actions/runs/23326100426/workflow) |

#### References

- [StepSecurity Blog: Trivy Compromised a Second Time](https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Compromised aquasecurity/trivy-action detected in GitHub Actions workflows #574

Title

Body