Comments (47)
- tkzed49: "GitHub's own security guidance recommends pinning actions to full commit SHAs as the only truly immutable way to consume an action." Why doesn't GitHub just enforce immutable versioning for actions? If you don't want immutable releases, you don't get to publish an Action. They could decide to enforce this and mitigate this class of issue.
- deathanatos: My initial thought is that if this isn't a new compromise, Trivy must not have rotated the old credentials. They claim, however:
  > We rotated secrets and tokens, but the process wasn't atomic and attackers may have been privy to refreshed tokens
  
  ... does anyone know what exactly they're talking about here? To my knowledge, GH does not divulge new tokens after they're issued, but it depends on the exact auth type we're talking about, and GH has an absurd number of different types of tokens/keys one can use.
- PunchyHamster: You're supposed to scan for vulnerabilities, not become one!
- dang: Recent and related: Trivy ecosystem supply chain temporarily compromised - https://news.ycombinator.com/item?id=47450142 - March 2026 (35 comments)
- Shank:
  > On March 22, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.5 and v0.69.6 DockerHub images. (https://github.com/aquasecurity/trivy/security/advisories/GH...)
  
  So the first incident was on March 19th and the second incident is March 22nd; evidently the attackers maintained persistence through maybe two separate credential rotation efforts.
- d3nit: Well, not my best 2 weeks at work, now I have to fill out a dozen forms and sit through a shitload of meetings, just because they got pwned (twice, or once, but really badly :D)
- progbits: Friendly reminder that just because someone is building security software it doesn't mean they are competent and won't cause more harm than good. Every month the security team wants me to give full code or cloud access to some new scanner they want to trial. They love the fancy dashboards and lengthy reports, but if I allowed just 10% of what they wanted we would be pwned on the regular...
- xinayder: Wasn't this discovered already last week, on Friday, that the threat actor had replaced the legit images with malware images? And republished 75 out of 76 tags?
- huslage: How the heck are credential compromises still a thing with 2FA and refresh tokens???
- ashishb: I always run such tools inside sandboxes to limit the blast radius.
- kevincloudsec: Second breach in a month from the same initial credential compromise. The first rotation didn't fully revoke access. The attacker walked right back in. No persistence needed.
- h1fra: /s But I thought npm was the issue, and all of this couldn't happen anywhere else?!
- yieldcrv: fatiguing
- Pahacker: GG
- g947o: People have been warning about giant security holes in the GitHub Actions dependency model, but MS did nothing.