ContainersUserv7FreePublic

Snyk Container Security

Container security playbook: scanning, hardening, SBOMs, signing, registry hygiene; updated Trivy (Mar 2026) remediation and Snyk Container Registry Sync GA guidance.

LoopVerified9 sources · Updated 6d ago

Run in sandbox

Content

Snyk Container Security

End-to-end container security playbook: image scanning, hardening, SBOMs, signing, and supply-chain remediation. Covers both open-source tooling (Trivy, cosign) and commercial options (Snyk Container). Includes precise guidance and incident remediation for the March 2026 Trivy supply-chain compromise (GHSA-69fq-xp46-6x23).

Security incident (March 2026)

Important: In March 2026 the Trivy ecosystem was the subject of a supply-chain compromise that injected credential-stealing malware into several Trivy releases, images, and GitHub Actions. If you use aquasecurity/trivy, the aquasecurity/trivy-action GitHub Action, or actions/aquasecurity/setup-trivy, follow the remediation checklist below immediately. (Primary sources: Trivy GitHub security advisory GHSA-69fq-xp46-6x23; Docker blog advisory Mar 23, 2026.)

GHSA ID: GHSA-69fq-xp46-6x23 (Aqua Security / trivy advisory published Mar 21, 2026).
Affected Trivy image tags (Docker Hub): 0.69.4, 0.69.5, 0.69.6, and latest when it pointed to compromised content during the exposure window. Docker published the compromised digests and timestamps (Docker advisory, Mar 23, 2026):
- sha256:27f446230c60bbf0b70e008db798bd4f33b7826f9f76f756606f5417100beef3 (tagged 0.69.4) — removed Mar 19, 2026 22:20 UTC
- sha256:5aaa1d7cfa9ca4649d6ffad165435c519dc836fa6e21b729a2174ad10b057d2b (tagged 0.69.5) — removed Mar 23, 2026 01:26 UTC
- sha256:425cd3e1a2846ac73944e891250377d2b03653e6f028833e30fc00c1abbc6d33 (tagged ) — removed Mar 23, 2026 01:26 UTC

Snyk Container Security · Loop · Loop

← Back to skills

ContainersUserv7FreePublic

Snyk Container Security

Container security playbook: scanning, hardening, SBOMs, signing, registry hygiene; updated Trivy (Mar 2026) remediation and Snyk Container Registry Sync GA guidance.

LoopVerified9 sources · Updated 6d ago

Run in sandbox

Content

Snyk Container Security

Security incident (March 2026)

GHSA ID: GHSA-69fq-xp46-6x23 (Aqua Security / trivy advisory published Mar 21, 2026).
Affected Trivy image tags (Docker Hub): 0.69.4, 0.69.5, 0.69.6, and latest when it pointed to compromised content during the exposure window. Docker published the compromised digests and timestamps (Docker advisory, Mar 23, 2026):
- sha256:27f446230c60bbf0b70e008db798bd4f33b7826f9f76f756606f5417100beef3 (tagged 0.69.4) — removed Mar 19, 2026 22:20 UTC
- sha256:5aaa1d7cfa9ca4649d6ffad165435c519dc836fa6e21b729a2174ad10b057d2b (tagged 0.69.5) — removed Mar 23, 2026 01:26 UTC
- sha256:425cd3e1a2846ac73944e891250377d2b03653e6f028833e30fc00c1abbc6d33 (tagged ) — removed Mar 23, 2026 01:26 UTC

0.69.6

Activity

PausedMonday · 9:00 AM9 sources

Automation & run history

Automation status and run history. Only the owner can trigger runs or edit the schedule.

View automation desk

Next runtomorrow

ScheduleMonday · 9:00 AM

Runs this month4

Latest outcomev7

April 2026

Automation brief

Scan Trivy releases for new vulnerability rules and scanning-engine updates. Check Snyk blog for container CVE advisories. Monitor GitHub Security Advisories for base-image vulnerabilities. Update image-hardening checklist and runtime-policy recommendations.

Latest refresh trace

Reasoning steps, source results, and the diff that landed.

Apr 11, 2026 · 9:28 AM

triggerAutomation

editoropenai/gpt-5-mini

duration101.5s

statussuccess

web searches2

sources discovered+3

Revision: v7

This update adds precise Trivy advisory details (GHSA-69fq-xp46-6x23), Docker-published compromised digests and timestamps, stronger CI hardening (pin & verify scanner artifacts with sigstore), and highlights Snyk Container Registry Sync GA (Apr 7, 2026) for large-registry management.

- Added GHSA advisory ID and precise affected digests/timestamps from Docker advisory - Expanded remediation checklist to require sigstore/cosign verification and recording scanner digests in CI metadata - Added operational guidance for Snyk Container Registry Sync (GA Apr 7, 2026) - Reworded exposure and pinning guidance and clarified last-known-good releases

Agent steps

Step 1Started scanning 6 sources.

Step 2Trivy Releases: No fresh signals found.

Step 3Snyk Blog: 5 fresh signals captured.

Step 4Docker Blog: 10 fresh signals captured.

Step 5GitHub Security Advisories: 12 fresh signals captured.

Step 6containerd Releases: No fresh signals found.

Step 7Aqua Security Blog: 12 fresh signals captured.

Step 8Agent is rewriting the skill body from the fetched source deltas.

Step 9Agent discovered 3 new source(s): Snyk Blog, Docker Blog, Trivy GitHub Advisory.

Step 10Agent used 2 web search(es).

Step 11v7 is live with body edits.

Sources

Trivy Releasesdone

No fresh signals found.

Snyk Blogdone

5 fresh signals captured.

Governing Security in the Age of Infinite Signal – From Discovery to Control Secure What Matters: Scaling Effortless Container Security for the AI Era Building AI Security with Our Customers: 5 Lessons from Evo’s Design Partner Program

Docker Blogdone

10 fresh signals captured.

Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io Defending Your Software Supply Chain: What Every Engineering Team Should Do Now Gemma 4 is Here: Now Available on Docker Hub

GitHub Security Advisoriesdone

12 fresh signals captured.

containerd Releasesdone

No fresh signals found.

Aqua Security Blogdone

12 fresh signals captured.

The image AI-Generated Malware in Panda Image Hides Persistent Linux Threat Aqua Security

Diff preview

# Snyk Container Security

−

End-to-end container security playbook: image scanning, hardening, SBOMs, signing, and supply-chain remediation. Covers both open-source tooling (Trivy, cosign) and commercial options (Snyk Container). Includes guidance and incident remediation for the March 2026 Trivy supply-chain compromise.

End-to-end container security playbook: image scanning, hardening, SBOMs, signing, and supply-chain remediation. Covers both open-source tooling (Trivy, cosign) and commercial options (Snyk Container). Includes precise guidance and incident remediation for the March 2026 Trivy supply-chain compromise (GHSA-69fq-xp46-6x23).

## Security incident (March 2026)

−

Important: In March 2026 the Trivy ecosystem was the subject of a supply-chain compromise that injected credential-stealing malware into several official Trivy releases and GitHub Actions. If you use aquasecurity/trivy, the `aquasecurity/trivy-action` GitHub Action, or `setup-trivy`, follow the remediation checklist below immediately. (Primary sources: Docker advisory, Trivy GitHub security advisory.)

Important: In March 2026 the Trivy ecosystem was the subject of a supply-chain compromise that injected credential-stealing malware into several Trivy releases, images, and GitHub Actions. If you use aquasecurity/trivy, the `aquasecurity/trivy-action` GitHub Action, or `actions/aquasecurity/setup-trivy`, follow the remediation checklist below immediately. (Primary sources: Trivy GitHub security advisory GHSA-69fq-xp46-6x23; Docker blog advisory Mar 23, 2026.)

+- GHSA ID: GHSA-69fq-xp46-6x23 (Aqua Security / trivy advisory published Mar 21, 2026).

- Affected Trivy image tags (Docker Hub): `0.69.4`, `0.69.5`, `0.69.6`, and `latest` when it pointed to compromised content during the exposure window. Docker published the compromised digests and timestamps (Docker advisory, Mar 23, 2026):

  - sha256:27f446230c60bbf0b70e008db798bd4f33b7826f9f76f756606f5417100beef3 (tagged `0.69.4`) — removed Mar 19, 2026 22:20 UTC

  - sha256:5aaa1d7cfa9ca4649d6ffad165435c519dc836fa6e21b729a2174ad10b057d2b (tagged `0.69.5`) — removed Mar 23, 2026 01:26 UTC

  - sha256:425cd3e1a2846ac73944e891250377d2b03653e6f028833e30fc00c1abbc6d33 (tagged `0.69.6`) — removed Mar 23, 2026 01:26 UTC

- Affected GitHub Actions: `actions/aquasecurity/setup-trivy` versions < 0.2.6 and `aquasecurity/trivy-action` versions < 0.35.0 were replaced with malicious commits during the exposure window; patched versions: `setup-trivy` v0.2.6 and `trivy-action` v0.35.0.

−

- Affected Trivy image tags (Docker Hub): `0.69.4`, `0.69.5`, `0.69.6`, and `latest` during the affected window. Docker published the compromised digests: sha256:27f446230c60bbf0b70e008db798bd4f33b7826f9f76f756606f5417100beef3, sha256:5aaa1d7cfa9ca4649d6ffad165435c519dc836fa6e21b729a2174ad10b057d2b, sha256:425cd3e1a2846ac73944e891250377d2b03653e6f028833e30fc00c1abbc6d33. (Docker advisory, Mar 23, 2026.)

- Last-known-clean releases: `trivy` v0.69.3 (protected by GitHub immutable releases), `trivy-action` v0.35.0, `setup-trivy` v0.2.6. (Trivy advisory, Mar 21–23, 2026.)

−

- Affected GitHub Actions: `aquasecurity/trivy-action` and `actions/aquasecurity/setup-trivy` had tags force-pushed to malicious commits; `setup-trivy` was affected below v0.2.6 and `trivy-action` was affected below v0.35.0. (Trivy GitHub security advisory, Mar 21–23, 2026.)

−

- Known last-clean releases: `trivy` v0.69.3; `trivy-action` v0.35.0; `setup-trivy` v0.2.6. Always pin scanner tooling to immutable digests or commit SHAs and verify integrity.

## When to use

@@ −19 +23 @@

- Signing container images for supply chain verification

- Setting up CI pipelines that block vulnerable images from reaching production

−

When to consider Snyk Container Registry Sync (GA April 7, 2026): If you manage large registries or face alert fatigue from many stale images, Snyk’s Container Registry Sync (GA Apr 7, 2026) can automatically import new images to scan and prune stale images using customizable rules. For large fleets this reduces noise and focuses remediation on images that are actually deployed. (See Snyk blog: "Secure What Matters: Scaling Effortless Container Security for the AI Era", Apr 7, 2026.)

Consider Snyk Container Registry Sync (GA Apr 7, 2026) if you manage large registries: it automates importing new images to scan and pruning stale images using customizable rules to reduce alert fatigue and focus remediation on images that are actually deployed (Snyk blog, Apr 7, 2026).

## When NOT to use

@@ −30 +34 @@

## Core concepts

−- CVE scanning: checking image layers against vulnerability databases (NVD, GitHub Advisory)

+- CVE scanning: check image layers against vulnerability databases (NVD, GitHub Advisory)

- SBOM: Software Bill of Materials — a manifest of every package in an image (SPDX or CycloneDX)

−- Image signing: cryptographic proof that an image was built by a trusted pipeline (cosign / Sigstore)

+- Image signing: cryptographic proof that an image was built by a trusted pipeline (cosign / Sigstore: fulcio/rektor)

- securityContext: Kubernetes Pod/container-level security settings (non-root, capabilities, seccomp)

−- Runtime policy: OPA Gatekeeper or Kyverno rules enforcing security constraints at admission

+- Runtime policy: OPA/Gatekeeper or Kyverno rules enforcing security constraints at admission

- Distroless: minimal images with no shell or package manager — reduced attack surface

- Supply chain: the pipeline from source to running container — every step is an attack surface

- Trivy: open-source scanner for vulnerabilities, misconfigurations, and secrets in images

−

- Snyk Container: commercial scanner with fix recommendations, base image suggestions, registry integrations, and (since Apr 7, 2026) Container Registry Sync for automated image management and runtime-intelligence prioritization

- Snyk Container: commercial scanner with fix recommendations, base image suggestions, registry integrations, and Container Registry Sync (GA Apr 7, 2026) for automated image management and runtime-intelligence prioritization

## Workflow

### Step 0: (If you used Trivy during Mar 19–23, 2026) Immediate remediation checklist

+1. Identify exposure

   - Search for the compromised digests in local image stores, registry mirrors, artifact repositories, CI caches, and self-hosted runners. Docker published the digests above; Trivy advisory lists the exposure windows for binaries, images, and actions.

+2. Assume breach for any exposed environment

   - Rotate all CI/CD secrets, cloud credentials, SSH keys, and tokens immediately. Treat this incident as a pipeline compromise and assume secrets were exfiltrated.

+3. Remove and quarantine

   - Remove compromised images from registries, caches, and CI/runner stores. Replace pipeline steps that referenced floating tags (including `latest`) with pinned digests or commit SHAs.

+4. Rebuild and harden runners

   - Rebuild self-hosted runners from known-good images, revoke long-lived tokens that runners used, and enable ephemeral credentials/OIDC where possible.

+5. Pin and verify scanner tooling

−

1. Check whether your environment pulled affected Trivy images or action tags. Search for the known compromised digests in registries, local caches, mirrors, or artifact repositories (see Docker advisory digests above and Trivy GitHub advisory exposure window).

   - Pin scanner actions/binaries to explicit commit SHAs or image digests (example: `uses: aquasecurity/trivy-action@<commit-sha>`). When available, verify signatures (sigstore/cosign) and record verified digests in build metadata. Prefer scanner artifacts published with sigstore signatures or by vendors that support immutable releases.

−

2. If you used any affected artifact during the exposure window, rotate all CI/CD secrets, cloud credentials, SSH keys, and tokens immediately. Treat this as a breach and assume secrets were exfiltrated.

−

3. Remove compromised images from registries and CI caches. Replace any pipeline steps that referenced floating tags (including `latest`) with pinned digests or commit SHAs.

−

4. Inspect self-hosted runners for persistence or malware. Rebuild runners from known-good images and revoke long-lived tokens used by runners.

−

5. Pin scanner tooling in CI to explicit commit SHAs or image digests and validate integrity (example: use `uses: aquasecurity/trivy-action@<commit-sha>` or pin to a digest where supported).

−References: Docker advisory (Mar 23, 2026), Trivy GitHub security advisory (GHSA-69fq-xp46-6x23).

References: Trivy GitHub security advisory GHSA-69fq-xp46-6x23 (Mar 21, 2026), Docker blog "Trivy supply chain compromise" (Mar 23, 2026).

−### Step 1: Scan images in CI (updated)

+### Step 1: Scan images in CI (updated recommendations)

- Integrate Trivy and/or Snyk into CI but always pin scanner artifacts to immutable references and verify integrity before running them.

- Fail builds on CRITICAL or HIGH severity by policy, but use runtime-prioritization signals (if available) to focus remediation on exploitable vulnerabilities.

+- Avoid floating tags for tooling (no `latest`). Record the digest/commit used in pipeline metadata for provenance.

−

Integrate Trivy and/or Snyk into the CI pipeline. Fail the build on CRITICAL or HIGH severity vulnerabilities. Important hardening additions after the Trivy incident:

- If you maintain a large registry, consider Snyk Container Registry Sync to import and prune images by rules so scans target in-use images (Snyk blog, Apr 7, 2026).

+Example (pin Trivy action by commit SHA):

−- Pin the scanner action/binary to a specific commit SHA or image digest (avoid floating tags like `latest`).

+- uses: aquasecurity/trivy-action@<commit-sha>

−- Prefer known-good/signed artifacts. When vendors publish signatures, verify them before running the scanner.

−

- Add a CI step that verifies the scanner image digest or action SHA before running it and records the digest in your build metadata.

−

- If using GitHub Actions, avoid `pull_request_target` for workflows that checkout or run external code; prefer safer patterns.

−

- For large registries, consider Snyk Container Registry Sync (GA Apr 7, 2026) to auto-import and prune images so scanning is focused on in-use images and reduces alert fatigue.

+Example (verify image digest before running in CI):

−Example (pin Trivy action by tag or commit SHA):

- Run a lightweight step before the scanner: pull digest via registry API and compare to expected sha256; fail if mismatch.

−

−- uses: aquasecurity/trivy-action@v0.35.0 # or uses: aquasecurity/trivy-action@<commit-sha>

### Step 2: Harden the Kubernetes securityContext

+- Drop all capabilities and add back only what is required

+- runAsNonRoot: true

+- readOnlyRootFilesystem: true (use emptyDir writable mounts where needed)

−

Apply restrictive security settings at both the Pod and container level. Drop all capabilities and add back only what is needed. Set runAsNonRoot, readOnlyRootFilesystem, and an appropriate seccompProfile.

+- seccompProfile: RuntimeDefault or custom restrictive profile

### Step 3: Manage secrets securely

+- Never bake secrets into image layers. Use Kubernetes Secrets with external secret operators or CSI drivers.

−

Never bake secrets into image layers. Use Kubernetes Secrets, external secret operators, or mounted volumes from a secrets manager. Ensure CI secrets are short-lived and rotated automatically where possible.

+- Use short-lived CI secrets and OIDC-based tokens for pipeline steps where supported.

−### Step 4: Generate an SBOM

+### Step 4: Generate and store an SBOM

+- Generate SPDX or CycloneDX SBOMs at build-time and attach them to images in the registry.

Diff▶

+Generated: 2026-04-11T09:26:35.252Z

Summary: This update adds precise Trivy advisory details (GHSA-69fq-xp46-6x23), Docker-published compromised digests and timestamps, stronger CI hardening (pin & verify scanner artifacts with sigstore), and highlights Snyk Container Registry Sync GA (Apr 7, 2026) for large-registry management.

+What changed: - Added GHSA advisory ID and precise affected digests/timestamps from Docker advisory

+- Expanded remediation checklist to require sigstore/cosign verification and recording scanner digests in CI metadata

+- Added operational guidance for Snyk Container Registry Sync (GA Apr 7, 2026)

−Generated: 2026-04-09T09:26:35.319Z

+- Reworded exposure and pinning guidance and clarified last-known-good releases

−

Summary: This update adds Snyk Container Registry Sync (GA Apr 7, 2026) guidance for managing large registries and reduces alert fatigue; it also confirms and expands remediation details for the March 2026 Trivy supply-chain compromise using Docker and Trivy advisory sources. It reinforces CI hardening by requiring pinned scanner artifacts and signature verification.

−

What changed: - Added guidance about Snyk Container Registry Sync (GA Apr 7, 2026) and its benefits for large registries and alert reduction.

−

- Clarified and expanded the Trivy March 2026 incident section with exact digests, affected tags, exposure windows, and safe versions from Docker and Trivy advisories.

−

- Strengthened CI recommendations: pin scanner actions/binaries to commit SHAs or digests; verify signatures; record scanner digests in build metadata.

−

- Minor wording updates in Core concepts, Workflow, Edge cases, and Research-backed changes sections to reflect new sources.

Body changed: yes

Editor: openai/gpt-5-mini

−

Changed sections: Security incident (March 2026), When to use, Core concepts, Workflow, Edge cases and gotchas, Research-backed changes

+Changed sections: Security incident (March 2026), Workflow, Research-backed changes

Experiments:

- Add automated CI step to verify scanner image digest and sigstore signature before running (measure false-positive/false-negative rates)

−- Track Snyk Container Registry Sync adoption and measure scan noise reduction across repositories over 3 months.

- Integrate runtime signals into registry-sync rules to measure reduction in alert fatigue and mean time to remediation (MTTR)

−

- Monitor Trivy GitHub releases for new scanning-engine changes and new vulnerability rules; compare detection delta vs Snyk Container over a rolling 30-day window.

−

- Test automated digest verification step in CI (verify scanner digest/signature) and measure false-positive/false-negative rate and developer friction.

Signals:

−

- LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header (GitHub Security Advisories)

- Sign in (GitHub Security Advisories)

- Sign up (GitHub Security Advisories)

- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass (GitHub Security Advisories)

−

- LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read (GitHub Security Advisories)

+- Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain (GitHub Security Advisories)

Snyk Container Security

Content

Snyk Container Security

Security incident (March 2026)

Snyk Container Security

Content

Snyk Container Security

Security incident (March 2026)

When to use

When NOT to use

Core concepts

Workflow

Step 0: (If you used Trivy during Mar 19–23, 2026) Immediate remediation checklist

Step 1: Scan images in CI (updated recommendations)

Step 2: Harden the Kubernetes securityContext

Step 3: Manage secrets securely

Step 4: Generate and store an SBOM

Step 5: Sign images and verify signatures

Step 6: Enforce policies at admission

Examples

Decision tree

Edge cases and gotchas

Evaluation criteria

Research-backed changes

Agent docs

Codex — Container Security

Environment

When this skill is active

Tool usage

Testing expectations

Common failure modes

Output format

Activity

Automation & run history

Latest refresh trace

Research engine

Sources