The Trivy Attack: Why SHA Pinning Fails GitHub Actions
For years, the "gold standard" for securing GitHub Actions has been simple: pin your actions to a full-length commit SHA. The logic was sound. Tags like @v3 are mutable; a maintainer (or an attacker with their credentials) could move the tag to a malicious commit. A SHA, however, is immutable. Once you verify actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608, you are safe. Or so we thought.

On March 4, 2026, the aquasecurity/trivy repository—one of the most trusted security scanners in the industry—was compromised. The attacker didn't steal a maintainer's password. They didn't compromise a dependency. Instead, they exploited a fundamental architectural flaw in how GitHub handles commit visibility across forks.

In this deep dive, we'll analyze the mechanics of the Trivy attack, why SHA pinning failed to prevent it, and the concrete steps you must take to secure your production CI/CD pipelines.

The An
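The pinning check the article calls the gold standard, as an added example (not the article's code): it extracts every `uses:` reference from a workflow, classifies the ref as a full SHA, an abbreviated SHA or a mutable tag/branch, and, since the article's point is that a well-formed SHA on its own is not sufficient, additionally requires each SHA to appear in a human-reviewed allowlist. The sample workflow, the `example-org` actions, the helper SHAs and the allowlist are constructed; only the actions/checkout SHA is taken from the article.

```python
import re

# Captures the reference on each `uses:` line of a GitHub Actions workflow.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")


def classify_ref(ref):
    """Classify the part after '@' in owner/repo@ref."""
    if FULL_SHA_RE.match(ref):
        return "sha"        # full-length commit id: the pin the article calls the gold standard
    if SHORT_SHA_RE.match(ref):
        return "short-sha"  # abbreviated id: not a full-length pin, report it
    return "mutable"        # tag or branch (e.g. v3): whoever controls the repo can move it


def audit_workflow(yaml_text, reviewed_pins):
    """Return one finding per external action reference in a workflow.

    reviewed_pins maps action -> set of full SHAs a human has reviewed. A well-formed
    SHA that is not in that set is reported as 'unreviewed': a 40-hex string only
    proves the ref is immutable, not that the commit was ever vetted.
    """
    findings = []
    for uses in USES_RE.findall(yaml_text):
        if uses.startswith("./") or uses.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        action, sep, ref = uses.partition("@")
        if not sep:
            findings.append({"action": action, "ref": None, "status": "unpinned"})
            continue
        status = classify_ref(ref)
        if status == "sha":
            status = "ok" if ref in reviewed_pins.get(action, set()) else "unreviewed"
        findings.append({"action": action, "ref": ref, "status": status})
    return findings


# Constructed sample workflow (not from the article); example-org and the helper SHAs are made up.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: 'example-org/build-tool@v3'
      - uses: example-org/helper@abcdef0123456789abcdef0123456789abcdef01
      - uses: ./.github/actions/local-step
      - uses: example-org/lint@abc1234  # abbreviated sha
"""
REVIEWED_PINS = {"actions/checkout": {"8ade135a41bc03ea155e62e844d188df1ea18608"}}


def audit_sample():
    return audit_workflow(SAMPLE_WORKFLOW, REVIEWED_PINS)
```

Running `audit_sample()` reports the checkout pin as ok, the `@v3` tag as mutable, the unreviewed full SHA as unreviewed and the abbreviated SHA as short-sha; the local action is skipped.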