March 23, 2026
Tag, you’re it—your secrets are gone
Trivy under attack again: Widespread GitHub Actions tag compromise secrets
Security tool turned booby trap, devs rage and eye‑roll
TLDR: A hacker reused stolen credentials to silently swap 75 “trusted” Trivy action versions with code that steals secrets, hitting thousands of automated builds. Commenters are split between blasting security theater, mocking “only npm is bad” takes, and collectively sighing that trust in version tags just took a big hit.
The Trivy saga just went full soap opera: a popular security tool’s GitHub Action—the automated helper many teams use in their builds—had 75 version tags quietly swapped to run a secret‑stealing script. Translation: a “trusted” version label became a trap. Only @0.35.0 looks clean. Socket says it caught the stunt in real time, flagging 182 malicious entries, while maintainers now admit a reused, still‑valid credential from the earlier March breach let the attacker sneak in without touching the main code. Think changing the label on a bottle, not the drink inside. Sneaky.
The comments are a mix of rage, sarcasm, and deep fatigue. One crowd is blasting “security theater,” with developers groaning that the very tools meant to protect them demand huge access—then get popped. Another faction is connecting dots to the earlier Docker image mess, citing the official advisory for those booby‑trapped releases here. And yes, the blame game is on: some say this is a GitHub trust issue; others point out the root cause was plain old leaked creds and a sloppy key rotation—basically changing the locks while the burglar still has a copy.
Memes? Oh, they’re here. A sarcastic jab—“But I thought only npm had problems?”—lands hard, and another commenter sums up the vibe in one word: “fatiguing.” Even the meta‑thread linkers are piling on with related HN chatter. It’s a warning shot: tags aren’t sacred, and “set it and forget it” can get your secrets shipped to the wrong place.
Key Points
- •Attackers force-pushed 75 of 76 version tags in aquasecurity/trivy-action to malicious commits, compromising GitHub Actions workflows.
- •Over 10,000 GitHub workflow files reference the action; commonly used tags execute malicious code before Trivy runs; tag @0.35.0 is unaffected.
- •Socket detected the campaign starting around 19:15 UTC, generating 182 threat entries and classifying the malware as backdoor/infostealer/recon.
- •The payload targets CI/CD runner secrets, including process memory, SSH keys, and credentials for AWS, GCP, Azure, and Kubernetes tokens.
- •Trivy maintainers attribute the incident to compromised credentials retained from an earlier March breach; incomplete atomic rotation allowed authenticated tag updates.