HeadlinesBriefing.com

Trivy GitHub Actions Compromise: Supply Chain Attack Targets CI/CD Pipelines

Hacker News

A second major supply chain attack has hit the Trivy ecosystem, with attackers compromising GitHub Actions to distribute malware through version tags. The incident, disclosed by Paul McCarty, affects the aquasecurity/trivy-action repository, where 75 out of 76 version tags were force-pushed to serve malicious payloads. This follows a VS Code extension compromise earlier in March.

The attack targets CI/CD pipelines referencing version tags like @0.33.0 or @0.34.2, executing infostealer code before legitimate scans run. Initial detection occurred at 19:15 UTC, with Socket independently identifying 182 threat feed entries classified as Backdoor, Infostealer, or Reconnaissance malware. The malicious payload harvests secrets, SSH keys, and cloud credentials.

Attackers used credentials compromised in the earlier breach, force-pushing tags to point at commits containing a swapped entrypoint.sh. The technique was sophisticated: commit metadata was spoofed to match the original releases, making the change hard to spot. Only tag 0.35.0 remains clean, pointing to the latest master commit. GitHub's release UI shows misleading indicators such as '0 commits to master since this release', which is what gives the compromise away. Organizations should pin actions to full commit SHAs rather than mutable version tags.
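The two defensive checks that follow from this incident are (1) finding workflow steps that reference an action by a mutable tag instead of a full commit SHA, and (2) noticing when a release tag you previously resolved now points at a different commit. The script below is an added example, not code from the article or from Aqua Security; the workflow text, the commit SHAs (placeholder values) and the tag-to-commit mappings are all constructed for the demonstration.

```python
"""Added example (not from the article or from Aqua/Trivy): audit GitHub
workflow files for third-party actions referenced by mutable tags, and
compare a repository's current tag->commit mapping against a previously
recorded snapshot to spot tags that have been moved (force-pushed).
The sample workflow text and tag mappings below are constructed."""
import re

# Matches "uses: owner/repo[/path]@ref" in a workflow, capturing action and ref.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)', re.M)
# A full commit SHA is exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def audit_workflow(text):
    """Return a list of (action, ref, status) for each external action used.
    status is 'pinned' for a full 40-hex commit SHA, 'tag-or-branch' otherwise.
    Only full SHAs are immutable; tags and branches can be repointed."""
    results = []
    for action, ref in USES_RE.findall(text):
        status = "pinned" if FULL_SHA_RE.match(ref) else "tag-or-branch"
        results.append((action, ref, status))
    return results


def moved_tags(snapshot, current):
    """Compare a recorded tag->sha snapshot with the mapping currently served
    (e.g. from `git ls-remote --tags`). Returns {tag: (old_sha, new_sha)} for
    tags that now resolve to a different commit. Release tags are expected to
    be immutable, so every entry here needs review before the tag is trusted."""
    return {tag: (sha, current[tag]) for tag, sha in snapshot.items()
            if tag in current and current[tag] != sha}


# Constructed sample workflow: one action pinned to a full SHA (placeholder
# value, not a real commit), one referenced by a mutable version tag.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111
      - name: Run scanner
        uses: aquasecurity/trivy-action@0.33.0
        with:
          scan-type: fs
"""

# Constructed tag->commit mappings (placeholder SHAs, not real commits):
# tag 0.33.0 has been repointed since the snapshot, 0.34.2 has not.
SNAPSHOT = {"0.33.0": "aaaa" * 10, "0.34.2": "bbbb" * 10}
CURRENT = {"0.33.0": "cccc" * 10, "0.34.2": "bbbb" * 10}

if __name__ == "__main__":
    for action, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{status:14} {action}@{ref}")
    for tag, (old, new) in moved_tags(SNAPSHOT, CURRENT).items():
        print(f"tag {tag} moved: {old[:7]} -> {new[:7]}")
```

In practice the snapshot would be written at the time a pinned SHA was chosen and the current mapping fetched from the remote on each review; a moved release tag is not proof of compromise on its own, but it is exactly the signal a force-pushed tag produces and the step that should trigger a look at the commit the tag now points to.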