Cisco has confirmed a significant data breach in which threat actors used credentials stolen during the recent Trivy supply chain attack to gain unauthorized access to its internal development environment. The attackers exfiltrated source code belonging to Cisco and several of its enterprise customers, marking one of the most consequential downstream impacts of the March 2026 Trivy supply chain compromise.
What Happened
The breach stems from the Trivy supply chain attack disclosed in late March 2026, in which 75 GitHub Actions tags for the popular Aqua Security Trivy vulnerability scanner were hijacked to execute malicious code in CI/CD pipelines. The compromised workflow exfiltrated CI/CD secrets, API tokens, and environment credentials from affected build environments.
Among the organizations whose development pipelines ran the compromised Trivy Actions tags was Cisco. The attacker used secrets harvested from Cisco's CI/CD environment to authenticate to internal development infrastructure, where they were able to browse and download proprietary source code repositories.
According to BleepingComputer, the stolen material includes source code for Cisco products and customer-specific code maintained in Cisco's development systems. The full scope of what was exfiltrated is still being determined.
Connection to the Trivy Attack
The March 2026 Trivy supply chain attack was a sophisticated campaign in which:
- 75 GitHub Actions tags for aquasecurity/trivy-action were retroactively modified
- Compromised tags deployed a hidden step that exfiltrated $GITHUB_TOKEN, environment variables, and other CI/CD secrets to attacker-controlled infrastructure
- Thousands of organizations that pinned Trivy Actions by tag (rather than commit SHA) were affected
- The attack was first reported as part of a broader wave of GitHub Actions supply chain compromises
Cisco's internal pipelines apparently ran one or more of the compromised Trivy tag versions, which exfiltrated the CI/CD secrets available to those jobs. The attackers then used those credentials to pivot into Cisco's development environment.
Why This Is Significant
The Cisco breach illustrates the cascading risk model in modern software supply chains:
- Single point of compromise — one malicious dependency (Trivy Actions) created credential exposure across thousands of organizations
- Delayed detection window — organizations may not have known their secrets were stolen until attackers acted on them days or weeks later
- Privileged access escalation — CI/CD secrets often have far broader access than the specific pipelines that use them
- Downstream customer exposure — if customer source code was in Cisco's development environment, those customers face secondary exposure
Source code theft poses risks including:
- Vulnerability discovery — attackers can audit the code for previously unknown security flaws
- Backdoor insertion — if any stolen code is later re-introduced to the supply chain
- Intellectual property theft — competitive intelligence value for state-sponsored actors
- Customer trust damage — customers whose code was stored in Cisco's environment may face their own exposure
Recommended Actions for Organizations
Audit Your Trivy Actions Usage
```yaml
# INSECURE: pinned by tag — vulnerable to tag modification attack
- uses: aquasecurity/trivy-action@v0.20.0
# SECURE: pinned by commit SHA — immutable
- uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9af4af796a4d0f7f6b8
```
Take the SHA from an upstream release you have verified, not from whatever the tag currently resolves to; pinning the commit a hijacked tag points at would freeze the malicious version in place. Any organization that ran CI/CD pipelines using Trivy Actions tags during the attack window should treat every secret those pipelines could read as compromised and rotate it.
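To make that audit repeatable across a whole repository, here is an added example (not Cisco's, Aqua Security's or BleepingComputer's code) that walks .github/workflows/, flags every `uses:` reference pinned to anything other than a 40-character commit SHA, highlights aquasecurity/trivy-action, lists the `${{ secrets.* }}` references each workflow makes (the rotation list for that pipeline), and notes whether a top-level `permissions:` block is present. It uses only the Python standard library and regular expressions over the raw workflow text rather than a YAML parser. The two embedded workflows are constructed samples; the checkout SHA in the hardened one is an illustrative placeholder, not a real release.

```python
"""Audit GitHub Actions workflows for tag-pinned actions and secret exposure.

Added example, not code from the page's sources. Standard library only: it
scans the raw workflow text with regexes (good enough for triage; not a YAML
parser). Both sample workflows below are constructed for this example.
"""
import re
import tempfile
from pathlib import Path

# owner/repo[/subpath]@ref inside a `uses:` line; local (./x) and docker:// refs are ignored
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s"\'#]+)', re.M)
SECRET_RE = re.compile(r'\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
PERMISSIONS_RE = re.compile(r'^permissions:', re.M)
# Action implicated in the Trivy incident; extend for others (assumption: matched on owner/repo only)
WATCHLIST = {"aquasecurity/trivy-action"}


def audit_workflow_text(text):
    """Return a triage dict for one workflow file's text."""
    tag_pinned, hits = [], []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if SHA_RE.match(ref):
            continue  # immutable commit pin: fine
        tag_pinned.append((action, ref))
        if "/".join(action.split("/")[:2]).lower() in WATCHLIST:
            hits.append((action, ref))
    return {
        "tag_pinned": tag_pinned,            # every mutable (tag or branch) pin
        "watchlist_hits": hits,              # mutable pins of known-compromised actions
        "secrets": sorted(set(SECRET_RE.findall(text))),  # what a hijacked step could read
        "has_top_level_permissions": bool(PERMISSIONS_RE.search(text)),
    }


def audit_repo(repo_root):
    """Audit every workflow under <repo_root>/.github/workflows, keyed by file name."""
    root = Path(repo_root)
    files = sorted(root.glob(".github/workflows/*.yml")) + sorted(root.glob(".github/workflows/*.yaml"))
    return {p.name: audit_workflow_text(p.read_text(encoding="utf-8")) for p in files}


# Constructed sample: tag-pinned actions, cloud keys handed to the scan step, no permissions block
INSECURE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@v0.20.0
        with:
          scan-type: fs
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - run: ./deploy.sh
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""

# Constructed sample: SHA pins (checkout SHA is an illustrative placeholder, not a real release;
# the trivy-action SHA is the one shown above) and a read-only top-level permissions block
HARDENED_WORKFLOW = """\
name: scan
on: [push]
permissions:
  contents: read
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9af4af796a4d0f7f6b8
        with:
          scan-type: fs
"""


def demo():
    """Write both samples into a temporary repo layout, audit it, and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        wf_dir = Path(tmp) / ".github" / "workflows"
        wf_dir.mkdir(parents=True)
        (wf_dir / "insecure.yml").write_text(INSECURE_WORKFLOW)
        (wf_dir / "hardened.yml").write_text(HARDENED_WORKFLOW)
        return audit_repo(tmp)


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: mutable pins={r['tag_pinned']} watchlist={r['watchlist_hits']} "
              f"secrets={r['secrets']} permissions_block={r['has_top_level_permissions']}")
```

Run it from a checkout with `python audit_workflows.py` after pointing `audit_repo` at the repository root; the `secrets` list for any workflow with a watchlist hit is the minimum set to rotate, and anything the job could reach through cloud OIDC roles or the runner's environment should be reviewed alongside it.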
Rotate All CI/CD Secrets Immediately
```bash
# GitHub — revoke and regenerate all potentially exposed tokens
# For each affected repository:
gh secret list --repo <owner>/<repo>
# Rotate every secret listed — assume they were all captured
# Audit GitHub Actions workflow permissions
# Ensure workflows use minimal GITHUB_TOKEN permissions
```
Rotation means revoking the credential at its issuer (cloud provider, registry, package index, internal API) and then storing the new value, not just overwriting the GitHub secret; a stolen token stays valid until the issuer invalidates it. Include organization- and environment-level secrets the workflow could read, and any credentials passed through env: from other sources.
Audit Recent Repository Access
Review access logs for your source code management systems (GitHub, GitLab, Bitbucket, Perforce, etc.) for any access from unexpected IPs or service accounts during the post-Trivy compromise window (approximately March 20–31, 2026).
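The following is an added example (not from BleepingComputer or Cisco) of the review described above, run over a constructed audit-log export: it keeps only content-access events (clone, fetch, push, zip download) inside the March 20–31, 2026 window, drops those from expected source ranges, and tallies the rest per actor and IP so a service account suddenly cloning from an unfamiliar address stands out. Field names (`@timestamp` in epoch milliseconds, `action`, `actor`, `actor_ip`, `repo`) follow GitHub's audit log export as an assumption; adapt `find_suspicious` for GitLab, Bitbucket or Perforce logs. The log lines, account names, repositories and address ranges are all constructed for the example.

```python
"""Flag source-control access from outside expected ranges during the
post-compromise window. Added example, not code from the page's sources.
Assumes GitHub audit-log export field names (@timestamp in epoch ms, action,
actor, actor_ip, repo); adapt the parser for other SCM systems.
All log lines and address ranges below are constructed for this example."""
import ipaddress
import json
from datetime import datetime, timezone

# Window from the text: approximately March 20-31, 2026 (UTC; end bound is exclusive)
WINDOW_START = datetime(2026, 3, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 1, tzinfo=timezone.utc)
# Constructed allowlist: CI runner egress and corporate VPN (RFC 5737 documentation ranges)
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]
# Audit-log actions that read or write repository contents
CONTENT_ACTIONS = {"git.clone", "git.fetch", "git.push", "repo.download_zip"}


def _ms(*args):
    """Epoch milliseconds for a UTC datetime given as (year, month, day, hour, minute)."""
    return int(datetime(*args, tzinfo=timezone.utc).timestamp() * 1000)


def _event(ts_ms, actor, ip, action, repo):
    return json.dumps({"@timestamp": ts_ms, "actor": actor, "actor_ip": ip,
                       "action": action, "repo": repo})


# Constructed sample export; svc-ci-build is the CI service account whose token was in the pipeline
SAMPLE_LOG = "\n".join([
    _event(_ms(2026, 3, 18, 11, 0), "svc-ci-build", "203.0.113.77", "git.clone", "example-org/firmware"),
    _event(_ms(2026, 3, 24, 3, 12), "svc-ci-build", "203.0.113.77", "git.clone", "example-org/firmware"),
    _event(_ms(2026, 3, 24, 9, 30), "alice", "198.51.100.20", "git.push", "example-org/firmware"),
    _event(_ms(2026, 3, 26, 14, 5), "svc-ci-build", "192.0.2.15", "git.clone", "example-org/firmware"),
    _event(_ms(2026, 3, 27, 2, 48), "svc-ci-build", "203.0.113.77", "repo.download_zip", "example-org/customer-acme"),
    "{not json",  # corrupt line: must be skipped, not abort the review
])


def in_expected_nets(ip):
    """True if ip parses and falls inside one of EXPECTED_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in EXPECTED_NETS)


def find_suspicious(log_text):
    """Return in-window content-access events whose source IP is outside EXPECTED_NETS."""
    flagged = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        if not (WINDOW_START <= ts < WINDOW_END):
            continue
        if ev.get("action") not in CONTENT_ACTIONS:
            continue
        if in_expected_nets(ev.get("actor_ip", "")):
            continue
        flagged.append({"time": ts.isoformat(), "actor": ev["actor"], "ip": ev["actor_ip"],
                        "action": ev["action"], "repo": ev["repo"]})
    return flagged


def summarize(flagged):
    """Count flagged events per (actor, ip) so a stolen-credential pattern stands out."""
    counts = {}
    for f in flagged:
        key = (f["actor"], f["ip"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(summarize(hits))
```

The first event is ignored only because it predates the window; a service account cloning from 203.0.113.77 before March 20 would still be worth a second look, so widen `WINDOW_START` if your pipelines ran the compromised tags earlier than the dates reported.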
Harden CI/CD Pipeline Dependencies
- Pin all GitHub Actions by commit SHA, never by tag
- Enable Dependabot or similar tools to alert on Actions version updates
- Implement CI/CD secret scanning to detect accidental secret exposure
- Restrict CI/CD token scopes to the minimum required for each job
Broader Supply Chain Attack Implications
The Trivy-to-Cisco attack chain is emblematic of a threat model that security teams must now treat as routine: high-trust developer tools as attack vectors. Security scanners, linters, formatters, and test frameworks are routinely embedded into CI/CD pipelines with elevated permissions — making them attractive targets for threat actors seeking wide-scale initial access.
The incident also underscores that source code repositories are high-value targets that warrant the same protection as production infrastructure, including:
- Network segmentation from general developer workstations
- Mandatory MFA on all access paths
- Comprehensive audit logging with SIEM integration
- Regular access reviews for service accounts and automation credentials
Conclusion
The Cisco source code breach demonstrates that the March 2026 Trivy supply chain attack had consequences far beyond the organizations that directly ran compromised pipelines. Credentials stolen through a widely used security tool became a key to breaching one of the world's largest network equipment manufacturers. Organizations should audit their CI/CD dependency exposure now — before attackers use stolen credentials to unlock their own environments.
Source: BleepingComputer — March 31, 2026