A significant security breach has impacted the Trivy GitHub Action, used in numerous continuous integration and deployment pipelines. The attack, disclosed in March 2026, is the second such incident targeting the Trivy ecosystem within the same month, highlighting a critical vulnerability in supply chain security.
Widespread Impact of the Trivy Security Breach
The attackers managed to compromise 75 out of 76 version tags of the Trivy GitHub Action, effectively creating a conduit for a malicious infostealer. With over 10,000 GitHub workflow files utilizing this action, the scale of potential credential theft is considerable, affecting pipelines globally.
Understanding the Tag Poisoning Method
Instead of creating new branches or releases, the perpetrators exploited residual access from a previous breach to modify existing version tags. By force-pushing 75 tags, including those widely used, the attackers transformed trusted references into vectors for malware distribution. This approach allowed them to bypass security alerts and avoid drawing the project maintainers’ attention.
The attackers meticulously spoofed Git commit metadata, replicating author names and commit messages to mask their activities as legitimate. They replaced the legitimate entrypoint.sh file with a malicious version, although inconsistencies in commit dates and missing GPG signatures could reveal the tampering.
Operational Tactics of the Infostealer
The injected script operates in three stages: gathering data, encrypting it, and exfiltrating it stealthily. On GitHub-hosted environments, it exploits passwordless sudo privileges to extract secrets, while on self-hosted runners, a Python script searches for sensitive information like SSH keys and database credentials.
Data is compressed and encrypted using AES-256-CBC, then sent to a typosquatted domain via HTTPS. If this fails, it uses a victim’s GitHub token to upload data to a public repository, further complicating detection.
Mitigation and Security Measures
Organizations must cease using version tags for the Trivy action, except for the unaffected version @0.35.0. Security teams should immediately rotate exposed secrets and audit GitHub repositories for unauthorized entries. Pinning actions to specific safe commit SHAs can prevent future compromises: unlike a tag, which can be force-pushed to point at different code, a full commit SHA always refers to the same content.
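One way to check workflows against the pinning advice above, as an added example that is not from the original article or the Trivy project: it scans workflow text for `uses:` references that are not pinned to a full 40-character commit SHA. The action names, the SHA, the sample workflow and the `watch` keyword are constructed placeholders.

```python
import re

# A `uses:` key on a step or reusable-workflow job; commented-out lines do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; "example-org" and the SHA are placeholders.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - name: Scan image
        uses: example-org/trivy-action@v1
      - uses: example-org/trivy-action@0123456
      - uses: ./.github/actions/local-build
      # - uses: example-org/old-action@main
      - uses: "example-org/setup-tool@main"
"""

def classify(ref):
    """Classify a uses: value as local, docker, sha, mutable or unpinned."""
    if ref.startswith(("./", "../")):
        return "local"      # lives in the same repository as the workflow
    if ref.startswith("docker://"):
        return "docker"     # image reference, outside the scope of this check
    _, sep, version = ref.partition("@")
    if not sep:
        return "unpinned"
    # Only a full SHA is immutable; tags, branches and short hashes can be moved.
    return "sha" if FULL_SHA_RE.match(version) else "mutable"

def audit(workflow_text, watch=("trivy",)):
    """Return (line, ref, kind, priority) for every reference not pinned to a SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            kind = classify(ref)
            if kind in ("mutable", "unpinned"):
                priority = any(w in ref.lower() for w in watch)
                findings.append((lineno, ref, kind, priority))
    return findings

if __name__ == "__main__":
    for lineno, ref, kind, priority in audit(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} [{kind}]" + (" <- review first" if priority else ""))
```

A reference that passes this check is only as safe as the commit it names, so the SHA itself still has to be verified as a known-good one.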
This incident serves as a stark reminder of the importance of robust security practices in protecting CI/CD environments from sophisticated cyber threats.
