JuliaHub Security Bulletin: Third-Party Supply Chain Events — March/April 2026
Security updates detail rendered from /security-updates/upd_09f4ef59a09bffa4.
Overview
| ID | upd_09f4ef59a09bffa4 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | JuliaHub |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_09f4ef59a09bffa4 |
| providerId | safebase |
| organizationId | org_b9ac96d9e9d27fd5 |
| trustCenterId | tc_dcaffa198da61a1a |
| title | JuliaHub Security Bulletin: Third-Party Supply Chain Events — March/April 2026 |
| message | **Date:** 23 April 2026 **Severity:** Informational (no JuliaHub platform compromise confirmed across all incidents) **Affected Products:** JuliaHub Platform --- ## Overview This bulletin covers three separate but interconnected security events that occurred during March–April 2026, all involving third-party software components used by or distributed via the JuliaHub platform. We are issuing this notice in the interest of transparency and to inform customers of the actions we have taken in each case. --- ## Incident 1: Third-Party Supply Chain Attack on Trivy ### Background Trivy is an open-source vulnerability and Software Bill of Materials (SBOM) scanner developed by Aqua Security. JuliaHub uses Trivy in two capacities: as part of our static analysis service, and for container image scanning. In early March 2026, Trivy itself became the target of a supply chain attack. The root cause was a misconfigured GitHub Actions (GHA) workflow in the Trivy project, which allowed a |
| url | - |
| publishedAt | 2026-04-23 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "general"
} |
| company | {
"id": "org_b9ac96d9e9d27fd5",
"name": "JuliaHub",
"domains": [
"trust.juliahub.com",
"juliahub.com"
]
} |
| trust_center | {
"id": "tc_dcaffa198da61a1a",
"name": "JuliaHub",
"url": "https://trust.juliahub.com",
"host": "trust.juliahub.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_09f4ef59a09bffa4",
"company": "/v1/companies/org_b9ac96d9e9d27fd5",
"trust_center": "/v1/trust-centers/tc_dcaffa198da61a1a",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_09f4ef59a09bffa4