From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
Blog post from CrowdStrike
CrowdStrike's analysis uncovered a complex supply chain compromise of the trivy-action GitHub Action, which is commonly used in CI/CD pipelines. 76 of the vulnerability scanner's 77 release tags were retroactively poisoned through a technique known as git tag repointing, in which an existing tag is moved to a new commit. This allowed a multi-stage credential stealer to execute silently before the legitimate scanner ran, stealing credentials and other sensitive information from affected workflows. The attack exploited GitHub Actions' trust model, in which actions are referenced by tags that can be silently altered, highlighting the risk of mutable references in software supply chains. Aqua Security confirmed the compromise and removed the malicious artifacts, while CrowdStrike's detection mechanisms identified the unusual script behavior, providing protection and investigation capabilities for affected organizations. The analysis underscores the importance of pinning actions by commit SHA, monitoring CI/CD environments diligently, and treating pipeline code with the same scrutiny as production code to mitigate similar threats in the future.
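Pinning by commit SHA is the mitigation the post recommends, and the check a defender wants is a quick audit of which `uses:` references in a workflow still depend on a repointable tag or branch. The following is an added example, not code from CrowdStrike or Aqua Security; the sample workflow, its version tags and the 40-character SHA are constructed values.

```python
import re

# Matches a GitHub Actions `uses:` line: owner/repo[/path]@ref (ref optional)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)['\"]?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow mixing SHA-pinned, tag-pinned and local steps.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Run scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: actions/upload-artifact@v4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

def parse_uses(workflow_text):
    """Return (action, ref) tuples for every `uses:` line; ref is None if absent."""
    refs = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        action, ref = target.rsplit("@", 1) if "@" in target else (target, None)
        refs.append((action, ref))
    return refs

def classify(action, ref):
    """Classify how a reference is pinned: sha, mutable, unpinned, or local-or-docker."""
    if action.startswith("./") or action.startswith("docker://"):
        return "local-or-docker"   # not a remote GitHub Action fetched by tag
    if ref is None:
        return "unpinned"          # resolves to the default branch
    if SHA_RE.match(ref):
        return "sha"               # a commit hash cannot be repointed
    return "mutable"               # tag or branch: can be moved after the fact

def find_mutable_refs(workflow_text):
    """Return remote actions that rely on a repointable tag or branch."""
    return [f"{a}@{r}" for a, r in parse_uses(workflow_text)
            if classify(a, r) == "mutable"]
```

A SHA pin only helps if the pinned commit was itself reviewed; resolve each tag to its commit once, verify it, and let a bot propose updates so the pin does not silently go stale.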