On March 19th, thousands of CI/CD pipelines ran a credential stealer. It came from Trivy, the open-source vulnerability scanner they'd installed to protect themselves. Here's what happened, and what it means for every pipeline running security tooling.