How to Protect GitHub Actions from Supply Chain Data Exfiltration Attacks
)
CargoWall provides proactive protection against data exfiltration
)
March 23, 2026
Last week, Aquasec's open-source CVE scanner Trivy was attacked by malicious users. The attackers were able to silently update GitHub Actions tags so they pointed to malicious code. Whenever a user tried to use the Trivy CVE scanner for a legitimate purpose, they unknowingly ran the malicious version of the software which exfiltrated SSH keys and other sensitive credentials.
This type of attack will only become more common as software supply chain automation has increasingly become a ripe target for exploitation. Luckily we built a fix that will proactively protect your GitHub Actions from this type of exploit.
The Exploit
GitHub Actions are modules that are used in GitHub's CI/CD pipeline ecosystem. GitHub Actions are created by the open-source community, commercial software vendors, and GitHub themselves. They make it easy to package specific functionality in an easy-to-use format within your pipelines.
Below is a very simple GitHub Actions workflow that uses the Trivy CVE scanner:
name: Trivy Security Scan on: push: branches: [ main ] pull_request: branches: [ main ] workflow_dispatch: jobs: trivy-scan: name: Trivy Vulnerability Scan runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.69.2In particular, this workflow uses
aquasecurity/trivy-action@0.6.2 - that's the Trivy CVE scanner. In this exploit, the attackers were able to make the tag 0.69.2 (another name for software version) reference a malicious version of the software that exfiltrated sensitive credentials including SSH keys. This type of attack is dangerous because there are hundreds of thousands - potentially millions of GitHub pipelines that are using this specific version of the Trivy CVE scanner. Those pipelines were immediately exploited and attackers were able to steal sensitive information.
How to Protect Yourself
At the time of this publication, the fix has already been implemented by Aquasec - they were able to purge the malicious code so users can safely leverage the CVE scanner. This represents a reactive remediation - sensitive data was leaked. Even though the vulnerability has been fixed, organizations will ultimately spend millions of dollars to minimize the damage.
It's important to protect against this type of vulnerability proactively.
Ultimately, data exfiltration exploits all rely on the same attack vector: they must steal sensitive information and then exfiltrate it through the network. You can protect against all variants of this type of attack by implementing a strong network security firewall for your GitHub Actions.
To protect against this type of attack, we built an open-source GitHub Action named CargoWall. It is an eBPF traffic control layer that will block network egress packets if they are not on an allow list. It handles multiple network protocols, supports hostname/CIDR filtering, works with Docker/Kubernetes, and offers a
sudo lockdown so other GitHub Actions cannot change your firewall rules.When you add this to your pipelines, it will protect against this type of data exfiltration vulnerability for your GitHub Actions. You can setup policies for individual pipelines or protect all of them at once.
Setting up the GitHub Action is incredibly easy:
- uses: code-cargo/cargowall-action@v1 with: default-action: deny allowed-hosts: | github.com, registry.npmjs.orgInsert this code into your GitHub Actions workflows, and configure
allowed-hosts to include valid network endpoints for your workflow. Now you're protected against this entire class of attack.Our CargoWall GitHub Action works with both public and private repositories for GitHub-hosted and self-hosted runners.
C
CodeCargo Team
The CodeCargo team writes about GitHub workflow automation, developer productivity, and DevOps best practices.