checkmarx-ast-github-action
Checkmarx AST GitHub Action compromised
Attackers gained unauthorized access to Checkmarx GitHub repositories through the TeamPCP/Trivy supply-chain chain and injected credential-harvesting payloads into the public AST GitHub Action. Checkmarx reported a March 23, 2026 exposure window for the GitHub Actions and a second affected ast-github-action tag, 2.3.35, on April 22, 2026.
- Date
- 2026-03-23 to 2026-04-22
- Category
- Commercial
- Target Surface
- Revision control
- Insertion Phase
- CI/CD
- Impact
- Credential theft
- Cause
- Compromised Account/Credentials
What Was Affected
Package
checkmarx-ast-github-action
LanguageShell
ComponentApplication
Artifact typeaction
Domain typerepository
Domain
github.com
Repository
github.com/Checkmarx/ast-github-action
Compromised Versions
- main during March 2026 exposure window
- 2.3.32
- 2.3.35
Incident Context
- Motive
- Credential Theft
- Attribution
- Advanced Persistent Threat
- Transitive
- Yes
- User Impact
- 0
- Observed Duration
- 30 days
Evidence
Compromised Artifacts
External References
Source Data
Source record: proprietary/checkmarx-ast/meta.yaml