step-security

Scan for workflow runs that are impacted by trivy action compromise

100% credibility
Found Mar 30, 2026 at 19 stars
Language: Go

AI Summary

A scanning tool that reviews GitHub project workflow logs for evidence of using compromised versions of a specific security action during a brief supply chain incident.

How It Works

1. 📰 Hear about the Trivy security alert

You learn about a short-lived compromise of the Trivy GitHub Action (aquasecurity/trivy-action) that might have affected the workflows of your GitHub projects.

2. 📥 Get the free checker tool

You download and set up this small command-line scanner on your computer to check your own projects.

3. 🔑 Connect your GitHub safely

You provide a GitHub token, and a dry run verifies that it has the permissions needed to read your projects' workflow run histories.

4. 📂 Choose projects to review

You pick specific repositories, or an entire organization, to scan for any use of the compromised action during the incident window.

5. 🚀 Start the scan

You launch the check and watch a progress bar as it reviews workflow histories; it backs off when the GitHub API rate limit is reached.

6. 📊 Review easy results

You get a clear summary table plus a JSON or CSV file listing any matches, with links to the exact runs and the matching log lines.

✅ Projects checked and safe

You now know exactly which runs used the compromised version, with links to each run so you can update and secure everything.

AI-Generated Review

What is trivy-compromise-scanner?

This Go CLI tool scans GitHub repositories or entire organizations for workflow runs impacted by the aquasecurity/trivy-action supply chain compromise of March 19-20, 2026. Given a GitHub token and a set of target repos or orgs, it lists the runs that started within that window, downloads their logs, and flags exact matches on the compromised action SHAs or tags, reporting them as a summary table, JSON, or CSV with run URLs and log snippets. It is built for quick post-incident audits that check whether GitHub Actions workflows executed the malicious version.

Why is it gaining traction?

Unlike broad scanners, it zeros in on this specific trivy-action compromise with pre-compiled patterns for the known bad SHAs, and it handles GitHub API rate limits, pagination, and log zip archives automatically. Developers like the dry-run mode for testing tokens, the tunable worker count for speed, the verbose logging, and the live progress bars, with no setup beyond `go install`. It surfaces actionable findings fast, tailored to this action compromise rather than to generic repository malware scanning.
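As an added illustration of the matching step the two paragraphs above describe, here is a Go snippet that skips runs outside the incident window and flags compromised trivy-action references in a run's log. It is not the project's own code: the runner log format, the helper names and the bad refs are assumptions, and the refs are placeholders because the page lists no compromised SHAs.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Incident window from the review: runs started on 2026-03-19 or 2026-03-20 (UTC); the end is exclusive.
var windowStart, windowEnd = time.Date(2026, 3, 19, 0, 0, 0, 0, time.UTC), time.Date(2026, 3, 21, 0, 0, 0, 0, time.UTC)
// PLACEHOLDER bad refs (the page lists none); a real scan would load the actual SHAs and tags from patterns.go.
var compromisedRefs = map[string]bool{"0000000000000000000000000000000000000000": true, "v0.0.0-placeholder": true}
// Captures the ref after "aquasecurity/trivy-action@" and, on the runner's
// "Download action repository '...' (SHA:...)" lines, the resolved commit (assumed log format).
var refPattern = regexp.MustCompile(`aquasecurity/trivy-action@([A-Za-z0-9._/-]+)'?(?: \(SHA:([0-9a-f]{40})\))?`)

// Match is one finding: 1-based log line number, the ref that hit the list, and the line as a report snippet.
type Match struct{ Line int; Ref, Snippet string }

func inWindow(runStarted time.Time) bool {
	return !runStarted.Before(windowStart) && runStarted.Before(windowEnd)
}

// scanLog flags compromised trivy-action refs in one run's log; runs outside the window are skipped (nil).
func scanLog(runStarted time.Time, log string) []Match {
	if !inWindow(runStarted) {
		return nil
	}
	var found []Match
	for i, line := range strings.Split(log, "\n") {
		for _, m := range refPattern.FindAllStringSubmatch(line, -1) {
			for _, ref := range m[1:] { // m[1] is the tag/SHA in "@ref"; m[2] is the resolved SHA, empty if absent
				if compromisedRefs[ref] { // checking both catches a clean-looking tag that resolved to a bad commit
					found = append(found, Match{i + 1, ref, strings.TrimSpace(line)})
					break // one finding per line
				}
			}
		}
	}
	return found
}

// Constructed log excerpt: the first two lines hit the placeholder refs; the last uses a clean ref and a made-up clean SHA.
const sampleLog = `2026-03-19T14:02:11.0000000Z ##[group]Run aquasecurity/trivy-action@v0.0.0-placeholder
2026-03-19T14:02:11.0000001Z Download action repository 'aquasecurity/trivy-action@v0.0.0-placeholder' (SHA:0000000000000000000000000000000000000000)
2026-03-19T14:02:12.0000000Z Download action repository 'aquasecurity/trivy-action@0.28.0' (SHA:1111111111111111111111111111111111111111)`

func main() { // prints each finding with its snippet, as the tool's summary table would
	fmt.Printf("%+v\n", scanLog(time.Date(2026, 3, 19, 14, 0, 0, 0, time.UTC), sampleLog))
}
```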

Who should use this?

GitHub org admins or security engineers auditing repositories after a supply chain alert. DevOps teams checking the GitHub Actions workflows in their CI for credential leaks or malicious injections during the trivy window. Anyone who needs to verify that none of their workflows ran a tainted trivy action.

Verdict

Grab it if you used trivy-action around March 2026: solid docs, tests, and CLI make it dead simple, despite 19 stars and a 1.0% credibility score signaling early maturity. Run a dry-run first; extend patterns.go for similar incidents.
