Supply Chain Reality Check: The Second Trivy Compromise
Just saw the alert on The Hacker News about Aqua Security's Trivy getting hit again. It feels like we can't have nice things in the CI/CD space lately. For the second time in a month, attackers managed to compromise the GitHub Actions infrastructure—specifically targeting aquasecurity/trivy-action and aquasecurity/setup-trivy.
The payload was designed to lift GITHUB_TOKEN and other environment variables from the runners. If you are using these actions, you need to assume your secrets are burned unless you can prove otherwise.
We’ve been moving aggressively toward pinning commit SHAs, but this incident highlights that even maintaining trust in the maintainer is getting harder. Here is a quick bash snippet I whipped up to audit our current workflows against the remote HEAD to ensure nothing drifted unexpectedly:
#!/bin/bash
# Check whether the pinned SHA matches the tip of the remote master branch
REPO="aquasecurity/trivy-action"
USED_SHA=""  # set this to the commit SHA pinned in your workflow
REMOTE_SHA=$(git ls-remote "https://github.com/$REPO.git" refs/heads/master | cut -f1)
if [ "$USED_SHA" != "$REMOTE_SHA" ]; then
  echo "[ALERT] SHA mismatch for $REPO!"
  echo "Expected: $REMOTE_SHA"
  echo "Used: $USED_SHA"
else
  echo "[OK] SHA matches for $REPO"
fi
Are you all still relying on Dependabot for these updates, or has anyone implemented a manual approval gate for Actions specifically?
We actually implemented a policy that forbids using @master or @v1 tags entirely in our pipelines. All Actions must be pinned to the full SHA. It's a pain to update manually, but it beats getting crypto-jacked.
However, this Trivy breach is scary because it implies the maintainer's account or build infrastructure was owned, not just a repo-jacking. If the SHA itself is malicious on release day, you're toast. We're looking at mirroring these actions to our own private org registry now.
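Added example, not part of any post in this thread: one way to enforce the full-SHA pinning policy described in the reply above as a CI check over workflow files. The function names, the sample workflow and the 40-hex value are constructed for illustration.

```shell
# Added example (not from the thread): enforce a "full SHA only" policy for Actions.

# Print "file:line: ref" for each `uses:` reference not pinned to a 40-hex commit SHA.
# Local actions (./...) and docker:// images are skipped because they are not git refs.
find_unpinned() {
  awk -v q="'" '
    /^[ \t]*(-[ \t]*)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]*)?uses:[ \t]*/, "", ref)
      sub(/[ \t]*#.*$/, "", ref)        # drop a trailing comment such as "# v1.2.3"
      gsub(/"/, "", ref); gsub(q, "", ref); sub(/[ \t\r]+$/, "", ref)
      if (ref ~ /^\.\// || ref ~ /^docker:/) next
      n = index(ref, "@")
      ver = (n > 0) ? substr(ref, n + 1) : ""
      # Length check instead of a {40} interval so this also runs on older mawk.
      if (length(ver) != 40 || ver !~ /^[0-9a-f]+$/)
        printf "%s:%d: %s\n", FILENAME, FNR, ref
    }
  ' "$@"
}

# CI gate: list offenders and return non-zero when any reference is unpinned.
check_pinned() {
  offenders=$(find_unpinned "$@")
  [ -z "$offenders" ] && return 0
  printf '%s\n' "$offenders"
  return 1
}

# Constructed sample workflow; the 40-hex value is a made-up placeholder, not a real commit.
sample_workflow() {
  cat <<'EOF'
jobs:
  scan:
    steps:
      - uses: aquasecurity/trivy-action@master
      - uses: "aquasecurity/setup-trivy@v1"
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # constructed
      - uses: ./.github/actions/local-step
EOF
}

demo=$(mktemp)
sample_workflow > "$demo"
check_pinned "$demo" || echo "policy violation: pin the references above to a full SHA"
rm -f "$demo"
```

In a pipeline, run `check_pinned .github/workflows/*.yml` as an early step so the job fails before any third-party action executes.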
From a SOC perspective, we started treating GitHub runners as untrusted environments. We deploy a sidecar container that intercepts outbound traffic from the runner.
If a step like Trivy tries to hit an external IP that isn't in the allow-list (Aqua's API, GitHub's API, etc.), we kill the job immediately. It adds some latency, but it stops data exfiltration even if the action is compromised.