Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy's GitHub Actions Got Owned - 75 Tags Weaponized Against CI/CD Pipelines

If you're using Trivy in your GitHub Actions workflows - and a massive chunk of the dev world is - this one hits close to home. Attackers successfully breached the Trivy Security Scanner's GitHub Actions repository and hijacked 75 tags, turning a trusted security tool into a vector for stealing CI/CD secrets.

Let that sink in. A scanner built to find your vulnerabilities was itself compromised to exfiltrate your pipeline credentials.

What Happened

The attack targeted the GitHub Actions tags associated with the official Trivy repository. Tags in GitHub Actions are commonly pinned by developers to reference specific versions of an action - something like:

uses: aquasecurity/trivy-action@v0.20.0

When those tags get hijacked and pointed at malicious commits, every pipeline that pulls that action executes attacker-controlled code. With access to the runner environment, attackers can:

• Exfiltrate GITHUB_TOKEN and any exposed repository secrets
• Steal cloud provider credentials injected as environment variables
• Pivot into downstream systems using harvested tokens
• Silently tamper with build artifacts or deployment pipelines

This is a classic supply chain attack - low noise, high yield, and brutally effective because developers inherently trust their tooling.

Why This Is Especially Dangerous

Trivy is a security scanner. Teams integrate it specifically to harden their pipelines. The irony is sharp - defenders got hit through their own defenses. This highlights a core truth about supply chain attacks: trust is the attack surface.

Pinning to a mutable tag like @v0.20.0 instead of an immutable commit SHA gives attackers all the leverage they need once they control that tag.

How to Protect Your Pipelines Right Now

Stop relying on mutable tags. Adopt these practices immediately:

• Pin actions to full commit SHAs, not version tags:

  uses: aquasecurity/trivy-action@a8a2e6e

• Audit your existing workflows for any third-party actions using mutable references
• Enable secret scanning and rotate any credentials that ran through affected workflows
• Use tools like step-security/harden-runner to monitor and restrict action behavior at runtime
• Subscribe to security advisories for every GitHub Action in your dependency chain
• Restrict GITHUB_TOKEN permissions to the minimum required per workflow

Supply chain security is not optional anymore. Every action you pull is a trust decision - treat it like one.

Is your app vulnerable to similar attacks? Run an automated scan in 3 minutes with VibeShield.