Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Summary
Trivy, an open-source vulnerability scanner, experienced a second security incident in which its GitHub Actions were compromised. Attackers hijacked 75 tags of these actions to distribute malware, ultimately stealing CI/CD secrets.
IFF Assessment
FOE
This incident is bad news for defenders as it demonstrates how trusted tools can be subverted to compromise sensitive development pipelines and steal secrets.
Defender Context
This breach highlights the critical need for robust supply chain security, especially for CI/CD pipelines. Defenders should closely monitor the integrity of third-party tools and actions integrated into their development workflows and implement strict access controls for secrets.
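One concrete check that follows from a tag-hijacking incident like this: a tag is a mutable pointer, so a workflow that references a third-party action by tag runs whatever the tag currently points at, while a full commit SHA cannot be moved. The script below is an added example written for this summary, not code from Trivy or the reporting source; it flags every `uses:` reference in a workflow that is not pinned to a full SHA, and the workflow, SHA and tag it scans are constructed.

```python
import re

# A full 40-hex commit SHA is the only immutable way to reference an action;
# tags and branches can be moved by whoever controls (or compromises) the repo.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')

def classify_ref(uses_value):
    """Return (action, ref, kind); kind is 'sha', 'tag', 'unpinned', 'local' or 'docker'."""
    if uses_value.startswith("./"):
        return uses_value, "", "local"          # in-repo action, no external ref
    if uses_value.startswith("docker://"):
        return uses_value, "", "docker"         # image refs need digest pinning instead
    action, _, ref = uses_value.partition("@")
    if not ref:
        return action, "", "unpinned"           # resolves to the default branch
    return action, ref, "sha" if FULL_SHA.match(ref) else "tag"

def find_mutable_uses(workflow_text):
    """Return (line_no, action, ref) for each uses: not pinned to a full commit SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, kind = classify_ref(m.group(1))
        if kind in ("tag", "unpinned"):
            findings.append((n, action, ref))
    return findings

# Constructed sample workflow (the SHA and tag below are made up for the demo).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@v1
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for n, action, ref in find_mutable_uses(SAMPLE_WORKFLOW):
        print(f"line {n}: {action}@{ref} uses a mutable ref; pin to a full commit SHA")
```

Short SHAs are reported as mutable on purpose: only a full 40-character SHA is unambiguous, and a pinned SHA still has to be refreshed deliberately when you want a newer version of the action.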