Back to Intelligence

Defending Against the Trivy GitHub Actions Supply Chain Attack: Detection and Remediation

SA
Security Arsenal Team
March 28, 2026
6 min read

Introduction

In a alarming development for the DevSecOps community, Trivy—a widely adopted open-source vulnerability scanner maintained by Aqua Security—has suffered a second security breach in under a month. This recent incident specifically targets GitHub Actions, a critical component of many modern CI/CD pipelines.

For defenders, the irony is palpable: a tool designed to find vulnerabilities was itself turned into a vulnerability. This breach highlights a persistent risk in the software supply chain. When attackers compromise trusted tools like aquasecurity/trivy-action, they don't just attack code; they attack the infrastructure that builds and deploys code. Understanding how to detect this compromise and harden your CI/CD environments is now urgent for organizations relying on Trivy for container security.

Technical Analysis

The Incident

Attackers successfully hijacked 75 distinct tags associated with the popular GitHub Actions aquasecurity/trivy-action and aquasecurity/setup-trivy. These actions are standardly used to scan Docker container images for vulnerabilities and to configure the Trivy scanner within GitHub workflows.

The Mechanism

This is a classic supply chain attack via dependency confusion or tag hijacking. By pushing malicious code to specific tags of the repository, attackers ensured that any CI/CD pipeline referencing those compromised tags would download and execute the altered software.

The Payload

Once executed in a GitHub Runner environment, the malicious variant of Trivy is capable of exfiltrating sensitive CI/CD secrets. This includes GITHUB_TOKEN, AWS credentials, Docker Hub tokens, and other secrets exposed as environment variables in the workflow. Access to these secrets allows attackers to move laterally, push malicious code to repositories, or poison container registries.

Severity and Scope

The severity is Critical. Because GitHub Actions often run with elevated privileges to push code or deploy containers, the theft of these credentials effectively bypasses traditional perimeter defenses. The impact affects any organization running self-hosted or GitHub-hosted runners that pulled the affected tags during the compromise window.

Defensive Monitoring

To determine if your organization has been affected, you must audit your workflow usage and investigate potential secret exfiltration. Use the following scripts and queries to assess your security posture.

1. Audit Local Repositories for Affected Actions

This Bash script scans a directory of local Git repositories to identify workflow files (.yml or .yaml) that reference the affected Aqua Security actions. It checks if the workflows are utilizing specific tags that may have been impacted or if they are using unpinned versions (e.g., @main), which increases risk.

Script / Code
#!/bin/bash

# Affected Actions
AFFECTED_ACTIONS=("aquasecurity/trivy-action" "aquasecurity/setup-trivy")

echo "Scanning for Trivy GitHub Actions usage..."

# Find all workflow files
find . -name ".github/workflows/*.yml" -o -name ".github/workflows/*.yaml" | while read -r file; do
    echo "Checking file: $file"
    
    for action in "${AFFECTED_ACTIONS[@]}"; do
        # Grep for the action usage in the file
        if grep -q "$action" "$file"; then
            echo "[!] Found usage of $action in $file"
            # Print the lines containing the action for review
            grep -n "$action" "$file"
        fi
    done
done

echo "Scan complete. Please review the tags/refs used in the output above."

2. PowerShell Audit for Windows Environments

If your development teams operate primarily on Windows, use this PowerShell script to scan for references to the compromised actions.

Script / Code
# Define the affected actions
$affectedActions = @("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

Write-Host "Scanning for Trivy GitHub Actions usage..." -ForegroundColor Cyan

# Recursively find all YAML files in .github/workflows
$workflowFiles = Get-ChildItem -Path . -Recurse -Filter *.yml -ErrorAction SilentlyContinue | 
                  Where-Object { $_.FullName -like "*\.github\workflows*" }

foreach ($file in $workflowFiles) {
    $content = Get-Content $file.FullName -Raw
    
    foreach ($action in $affectedActions) {
        if ($content -like "*$action*") {
            Write-Host "[!] Found usage of $action in $($file.FullName)" -ForegroundColor Red
            # Extract lines for context
            Select-String -Path $file.FullName -Pattern $action
        }
    }
}

Write-Host "Audit complete." -ForegroundColor Green

3. KQL Query for Microsoft Sentinel (GitHub Connector)

If you are ingesting GitHub Audit Logs into Microsoft Sentinel, use this KQL query to look for workflow executions that utilized the affected actions during the suspected timeframe. This helps identify runs that may have been exposed to the malicious code.

Script / Code
// Search for GitHub Workflow Run events using Trivy actions
GitHubAuditLogs
| where Action == "workflow_run"
| extend Repository = tostring(Entity["repository_name"])
| extend WorkflowName = tostring(Data["workflow_name"])
| where WorkflowName contains "trivy" or WorkflowName contains "scan" or WorkflowName contains "security"
// Filter by time frame of the breach (adjust dates as necessary based on intelligence)
| where TimeGenerated between(datetime(2026-03-01) .. datetime(2026-03-31))
| project TimeGenerated, Actor, Repository, WorkflowName, HeadBranch, HeadSha
| order by TimeGenerated desc

Remediation

If you suspect exposure or to proactively defend against this supply chain threat, Security Arsenal recommends the following immediate remediation steps:

  1. Pin Actions to Commit SHAs: Stop using version tags (e.g., @v0.15.0) or mutable refs (e.g., @main) for third-party GitHub Actions. Update your workflow YAML files to reference the specific full-length Commit SHA of a known-good version of the action. This ensures that even if a tag is updated or hijacked, your pipeline will run the exact code verified by the SHA.

    yaml

    Example of secure pinning

    • name: Run Trivy uses: aquasecurity/trivy-action@8d35019666e977c4f8ae47e8f9e5c855b1f20c1e # replace with verified SHA

  2. Rotate All CI/CD Secrets: Assume that if a compromised action ran in your repository, any secrets available to that workflow (GITHUB_TOKEN, cloud provider keys, database credentials) were compromised. Immediately rotate these credentials and revoke API keys generated before the patch date.

  3. Review Aqua Security Advisories: Check the official Aqua Security blog or GitHub repository advisories for the list of specific malicious tags. Ensure your workflows are not referencing these specific versions.

  4. Implement Branch Protection Rules: Configure your repository settings to require pull request reviews before changes to GitHub Actions workflows can be merged. This prevents attackers (or compromised accounts) from silently injecting malicious steps into your CI/CD pipeline.

  5. Scan Pipeline Artifacts: Include a step in your remediation process to scan recent Docker images or build artifacts produced during the compromise window. This ensures that the malicious Trivy instance did not inject backdoors into your final software products.

Related Resources

Security Arsenal Incident Response Services AlertMonitor Platform Book a SOC Assessment incident-response Intel Hub

incident-responseransomwareforensicssupply-chaindevsecopsgithub-actionstrivyci-cd-security

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action