Compromised aquasecurity/trivy-action detected in GitHub Actions workflows

## Title
Compromised `aquasecurity/trivy-action` detected in GitHub Actions workflows

## Body

### Compromised `aquasecurity/trivy-action` detected in GitHub Actions workflows

Our automated platform at [StepSecurity](https://www.stepsecurity.io) has detected that this repository used a **compromised version of `aquasecurity/trivy-action`** in its GitHub Actions workflows during the recent Trivy incident.

#### What happened?

The `aquasecurity/trivy-action` GitHub Action was compromised, and a malicious version (`v0.69.4`) was published. Workflow runs in this repository executed a compromised SHA of this action, which may have exposed sensitive information such as secrets, environment variables, or build artifacts.
#### Compromised SHA detected

`aquasecurity/trivy-action@91e7c2c36dcad14149d8e455b960af62a2ffb275`

#### Affected workflow runs

| # | Workflow Run | Workflow File |
|---|-------------|---------------|
| 1 | [23310856690](https://github.com/newrelic/helm-charts/actions/runs/23310856690) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23310856690/workflow) |
| 2 | [23310894475](https://github.com/newrelic/helm-charts/actions/runs/23310894475) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23310894475/workflow) |
| 3 | [23310917034](https://github.com/newrelic/helm-charts/actions/runs/23310917034) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23310917034/workflow) |
| 4 | [23314525687](https://github.com/newrelic/helm-charts/actions/runs/23314525687) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23314525687/workflow) |
| 5 | [23314545288](https://github.com/newrelic/helm-charts/actions/runs/23314545288) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23314545288/workflow) |
| 6 | [23315659819](https://github.com/newrelic/helm-charts/actions/runs/23315659819) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23315659819/workflow) |
| 7 | [23317655951](https://github.com/newrelic/helm-charts/actions/runs/23317655951) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23317655951/workflow) |
| 8 | [23318211898](https://github.com/newrelic/helm-charts/actions/runs/23318211898) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23318211898/workflow) |
| 9 | [23319035616](https://github.com/newrelic/helm-charts/actions/runs/23319035616) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23319035616/workflow) |
| 10 | [23320055084](https://github.com/newrelic/helm-charts/actions/runs/23320055084) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23320055084/workflow) |
| 11 | [23326051370](https://github.com/newrelic/helm-charts/actions/runs/23326051370) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23326051370/workflow) |
| 12 | [23326973920](https://github.com/newrelic/helm-charts/actions/runs/23326973920) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23326973920/workflow) |
| 13 | [23328253457](https://github.com/newrelic/helm-charts/actions/runs/23328253457) | [Workflow](https://github.com/newrelic/helm-charts/actions/runs/23328253457/workflow) |

#### References

- [StepSecurity Blog: Trivy Compromised a Second Time](https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Compromised aquasecurity/trivy-action detected in GitHub Actions workflows #2175

Title

Body