Spyke
security · posted by Kissaki

Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

Recent updates from the Trivy maintainers confirm that this attack was enabled by a compromised credential with write access to the repository. The incident is a continuation of the earlier March breach, during which credentials were exfiltrated from Trivy’s CI environment. Although secrets and tokens were rotated in response, the rotation process was not fully atomic, and the attacker may have retained access to newly issued credentials. This allowed the threat actor to perform authenticated operations, including force-updating tags, without needing to exploit GitHub itself. While the exact credential used in this phase has not been publicly specified, the root cause is now understood to be residual access from the earlier credential compromise.

trivy.dev: Trivy – The All-in-One Security Scanner

Use Trivy to find vulnerabilities (CVE) & misconfigurations (IaC) across code repositories, binary artifacts, container images, and Kubernetes clusters.

Source: https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise (originally posted on programming.dev)

The attack vector highlights a critical gap in supply chain security where a single compromised write credential can pivot to force-update malicious tags. This incident underscores the necessity of implementing strict least-privilege access controls and read-only defaults for CI/CD dependencies to prevent similar credential-based pivots.

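The post describes tags being force-updated with a still-valid write credential, and the comment above calls for least privilege and read-only defaults. As an added example that is not from the Socket write-up or the Trivy project, here is a Python check that flags workflow `uses:` references resolving through a mutable tag or branch (the thing a force-updated tag abuses) and reports whether the workflow declares a read-only GITHUB_TOKEN; the action names and the commit SHA in the samples are constructed placeholders.

```python
import re

# A full 40-hex commit SHA is immutable; a tag or branch can be force-updated.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# Any `<scope>: write` or `permissions: write-all` line grants the job token write access.
WRITE_RE = re.compile(r"^\s*[\w-]+:\s*write(-all)?\s*$", re.M)

def classify_ref(uses: str) -> str:
    """'local' (./path), 'docker' (docker://), 'sha' (commit pin) or 'mutable' (tag/branch/none)."""
    if uses.startswith("./"):
        return "local"
    if uses.startswith("docker://"):
        return "docker"
    if "@" not in uses:
        return "mutable"  # no ref at all resolves to the action's default branch
    return "sha" if SHA_RE.match(uses.rsplit("@", 1)[1]) else "mutable"

def audit_workflow(text: str) -> dict:
    """Line-based scan (not a YAML parser): mutable action refs and token read-only status."""
    mutable = [m.group(1) for m in map(USES_RE.match, text.splitlines())
               if m and classify_ref(m.group(1)) == "mutable"]
    declares = re.search(r"^permissions:", text, re.M) is not None  # top-level default
    return {"mutable_refs": mutable,
            "token_read_only": declares and WRITE_RE.search(text) is None}

# Constructed samples: hypothetical action names and a made-up SHA, not real pins.
PINNED = """\
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567 # v0.30
"""
UNPINNED = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: example-org/checkout@v4
      - uses: "example-org/scanner-action@master"
      - uses: ./.github/actions/local-step
"""
```

Run `audit_workflow` over each file in `.github/workflows/`; a SHA pin only helps if the SHA was taken from the upstream repository you meant to trust, so compare the trailing version comment against upstream whenever a pin is updated.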