Trail of Bits Enhances zizmor's YAML Anchor Support to Secure GitHub Actions
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate secrets and backdoor LiteLLM on PyPI. The incident underlined the value of static analysis tools such as zizmor, which can flag misconfigurations of that kind before a workflow is deployed.

zizmor, a static analyzer for GitHub Actions workflows, initially had limited support for YAML anchors, the YAML feature that lets a structure be defined once and reused elsewhere in the document through aliases. After GitHub Actions added YAML anchor support in September 2025, Trail of Bits collaborated with the zizmor maintainers over three months to cover anchor patterns fully. They fixed four critical bugs: aliases inside sequences caused crashes or findings reported at the wrong location, anchor prefixes leaked into values, duplicate anchors caused panics, and the template-injection audit failed on aliased run values.

To test zizmor, the team built a corpus of 41,253 workflows drawn from 6,612 of the most-starred open-source repositories. They also addressed deserialization edge cases (for example, if: 0 and timeout-minutes: 0.5) and aligned zizmor's expression evaluator with GitHub's own tests. The effort resulted in 20 filed issues and 15 merged pull requests, strengthening CI security for projects such as Bitcoin Core, PHP, and OpenSSL.
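As an added illustration, not code from the post or from zizmor itself, the Ruby sketch below shows two of the behaviours described above: a template-injection audit that still sees a run script reached through a YAML alias, and tolerance for if: 0 and timeout-minutes: 0.5 deserializing as numbers rather than strings. The workflow text, the list of untrusted contexts and all function names are constructed for this example and assume a pull_request_target trigger.

```ruby
require "yaml"
# Constructed sample workflow (not from the post): the checkout step is
# anchored and reused via an alias inside a steps sequence; the run scalar
# is anchored in one job and aliased in another.
WORKFLOW = <<~YAML
  jobs:
    lint:
      runs-on: ubuntu-latest
      timeout-minutes: 0.5
      steps:
        - &checkout
          uses: actions/checkout@v4
        - run: &greet echo "Title is ${{ github.event.pull_request.title }}"
    build:
      runs-on: ubuntu-latest
      if: 0
      steps:
        - *checkout
        - run: *greet
YAML

# Expressions an external contributor controls in a pull_request_target run;
# expanding one of them inside a run script is template injection.
UNTRUSTED = /\$\{\{\s*github\.event\.(?:pull_request\.(?:title|body|head\.ref)|
             issue\.(?:title|body)|comment\.body)\s*\}\}/x
# Psych rejects aliases unless allowed; once allowed it resolves them at
# load time, so aliased steps and run values audit like literal ones.
def load_workflow(src)
  YAML.safe_load(src, aliases: true)
end
# Returns [job_id, step_index, expression] for every run script embedding
# an untrusted expression, whether the script text is literal or aliased.
def audit_template_injection(src)
  findings = []
  load_workflow(src).fetch("jobs", {}).each do |job_id, job|
    Array(job["steps"]).each_with_index do |step, i|
      run = step["run"]
      next unless run.is_a?(String)
      run.scan(UNTRUSTED) { |m| findings << [job_id, i, m] }
    end
  end
  findings
end
# if: 0 deserializes as an Integer and timeout-minutes: 0.5 as a Float;
# normalize both so a string-only audit neither crashes nor skips the job.
def job_settings(job)
  { if: job.key?("if") ? job["if"].to_s : nil,
    timeout_minutes: job["timeout-minutes"]&.to_f }
end
```

Each finding names a run script that should pass the value through env: and read it as a shell variable instead of expanding it inline.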
Key facts
- Attackers exploited a Trivy Action misconfiguration in March 2026 to backdoor LiteLLM.
- Trail of Bits fixed four critical anchor-handling bugs in zizmor.
- Tested against 41,253 workflows from 6,612 top open-source repositories.
- Addressed deserialization edge cases and aligned with GitHub's expression tests.
- Resulted in 20 filed issues and 15 merged pull requests overall.
- Secured CI for foundational projects like Bitcoin Core, PHP, and OpenSSL.