Home / Security updates / Datadog's Response to the Trivy v0.69.4 Supply-Chain Attack

Datadog's Response to the Trivy v0.69.4 Supply-Chain Attack

Security updates detail rendered from /security-updates/upd_05b6d13e9c18e2b4.

Overview

Field	Value
id	upd_05b6d13e9c18e2b4
providerId	safebase
organizationId	org_69291cebe8d5d66e
trustCenterId	tc_3aed993e7dda3cf3
title	Datadog's Response to the Trivy v0.69.4 Supply-Chain Attack
message	In response to the supply-chain attack disclosed on March 19, 2026 targeting Trivy v0.69.4, which involved a malicious binary and poisoned GitHub Actions releases, Datadog Security conducted an investigation and confirmed that we are not impacted. However, we suggest customers refer to our [Research Feed](https://app.datadoghq.com/security/feed?exposure=all&product=all&security__live=true&security__timestamp=1774023520212&sort=date&sp=%5B%7B%22p%22%3A%7B%22securityCardId%22%3A%22197%22%7D%2C%22i%22%3A%22security-news-panel%22%7D%5D&type=all) for guidance to assess potential exposure and take the suggested mitigations.
url	-
publishedAt	2026-03-20
source	{ "field": "statuspage/public/compliance-update", "category": "incidents" }
company	{ "id": "org_69291cebe8d5d66e", "name": "Datadog", "domains": [ "trust.datadoghq.com", "datadoghq.com" ] }
trust_center	{ "id": "tc_3aed993e7dda3cf3", "name": "Datadog", "url": "https://trust.datadoghq.com", "host": "trust.datadoghq.com" }
provider	{ "id": "safebase", "name": "SafeBase" }
links	{ "self": "/v1/security-updates/upd_05b6d13e9c18e2b4", "company": "/v1/companies/org_69291cebe8d5d66e", "trust_center": "/v1/trust-centers/tc_3aed993e7dda3cf3", "provider": "/v1/providers/safebase" }

Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_05b6d13e9c18e2b4JSON