March 2026 Workflow Exposure Review
Coverage: Workflow YAML, reusable workflows, and shell entrypoints
Detection: Compromised, historically exposed, and unrestored tags
Runtime: Streamed findings, in-memory results, privacy-conscious logging
Trace compromised Trivy workflow references across your GitHub estate.
Authenticate with GitHub, choose the organizations or repositories you can already access, and review findings as each repository completes. The scanner follows direct `uses:` references to the Trivy actions, reusable workflows that call them, and shell steps that hand off to scripts invoking Trivy.
- Flags `trivy-action` and `setup-trivy` references that resolve to compromised tags.
- Surfaces findings from direct workflow usage and nested reusable workflows.
- Shows live progress as repositories complete.
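The detection described above, as an added example (not the scanner's own code): a small Python pass over one workflow file that finds `uses:` references to the two actions, classifies each ref (a tag in a caller-supplied compromised set, any other mutable tag or branch, a full commit SHA, or no ref at all), records reusable-workflow, local-action and shell-script hand-offs to follow, and reports shell steps that invoke `trivy` directly. The action paths `aquasecurity/trivy-action` and `aquasecurity/setup-trivy`, the placeholder tag `v0.0.0-example`, and the sample workflow are assumptions of the example; the real set of compromised tags must come from the upstream advisory.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumed upstream locations of the two actions the page names.
TRIVY_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Placeholder only: substitute the tags listed in the upstream advisory.
COMPROMISED_REFS = {"v0.0.0-example"}

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
RUN_RE = re.compile(r'^(\s*)-?\s*run:\s*(.*)$')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
TRIVY_CMD_RE = re.compile(r'(?<![\w./-])trivy(?![\w-])')   # bare "trivy" command word
SCRIPT_RE = re.compile(r'(\S+\.sh)(?=\s|$)')                # hand-off to a shell script
BLOCK_SCALARS = {"|", ">", "|-", ">-", "|+", ">+"}           # YAML multi-line run: bodies


@dataclass
class Finding:
    line: int
    kind: str             # "action", "reusable-workflow", "local-action" or "shell"
    target: str
    ref: Optional[str]
    status: str           # compromised / mutable-tag / pinned-sha / unpinned / follow / review


def classify_ref(ref: Optional[str], compromised: Set[str]) -> str:
    if ref is None:
        return "unpinned"
    if ref in compromised:
        return "compromised"
    if SHA_RE.match(ref):
        return "pinned-sha"
    return "mutable-tag"   # a tag or branch can be re-pointed upstream; check it against the advisory


def scan_shell(body: List[str], first_line: int, findings: List[Finding]) -> None:
    """Report direct trivy invocations and script hand-offs inside a run: step."""
    for offset, text in enumerate(body):
        stripped = text.strip()
        if not stripped or stripped.startswith("#"):
            continue
        n = first_line + offset
        if TRIVY_CMD_RE.search(stripped):
            findings.append(Finding(n, "shell", stripped, None, "review"))
        else:
            m = SCRIPT_RE.search(stripped)
            if m:
                findings.append(Finding(n, "shell", m.group(1), None, "follow"))


def scan_workflow(text: str, compromised: Set[str] = COMPROMISED_REFS) -> List[Finding]:
    findings: List[Finding] = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = USES_RE.match(lines[i])
        if m:
            target, _, ref = m.group(1).partition("@")
            ref = ref or None
            repo = "/".join(target.split("/")[:2])
            if repo in TRIVY_ACTIONS:
                findings.append(Finding(i + 1, "action", target, ref, classify_ref(ref, compromised)))
            elif "/.github/workflows/" in target:
                findings.append(Finding(i + 1, "reusable-workflow", target, ref, "follow"))
            elif target.startswith("./"):
                findings.append(Finding(i + 1, "local-action", target, ref, "follow"))
            i += 1
            continue
        m = RUN_RE.match(lines[i])
        if m:
            indent, rest = len(m.group(1)), m.group(2).strip()
            if rest in BLOCK_SCALARS:
                # Block scalar: the body is every following line indented deeper than the key.
                j = i + 1
                while j < len(lines) and (not lines[j].strip() or len(lines[j]) - len(lines[j].lstrip()) > indent):
                    j += 1
                scan_shell(lines[i + 1:j], i + 2, findings)
                i = j
                continue
            scan_shell([rest], i + 1, findings)
        i += 1
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.status] = counts.get(f.status, 0) + 1
    return counts


# Constructed sample workflow; the org, repo, image and script names are illustrative.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.0.0-example
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
        with:
          scan-type: fs
      - run: trivy image --severity HIGH,CRITICAL myapp:latest
      - name: wrapper
        run: |
          set -euo pipefail
          ./scripts/scan.sh
  shared:
    uses: example-org/ci-templates/.github/workflows/trivy.yml@main
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line:>3} {f.status:<13} {f.kind:<18} {f.target}" + (f"@{f.ref}" if f.ref else ""))
```

Findings with status `follow` are the hand-offs the page describes: an estate-wide pass has to fetch the referenced workflow, local action or script and run the same scan over it, since that is where a Trivy reference can hide from a per-file grep. The `pinned-sha` status only means the reference cannot move underneath you; it still has to be compared against the commits named in the advisory, because a tag that was re-pointed and later restored leaves any SHA taken during the exposure window pointing at the bad commit.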
Access Model
Continue With GitHub
Use your own GitHub identity so scans only inspect the organizations and repositories you can already access.
- Authorize the app with your GitHub user.
- Select member orgs, specific repositories, or one public org.
- Watch the incident report populate in real time.
This scanner is provided as a convenience only. Findings and enrichment are best-effort, may be incomplete, and are not a substitute for validating upstream advisories, repository history, and your own incident-response process.