Skip to main content
Application Security Standards
Checkmarx Supply Chain Compromise: Four Hours That Exposed CI/CD Pipeline RisksIncident
4 min readFor DevOps Leaders

Checkmarx Supply Chain Compromise: Four Hours That Exposed CI/CD Pipeline Risks

Incident Overview

On March 23, 2026, an attacker published malicious versions of two Checkmarx plugins to the OpenVSX registry: ast-results-2.53.0.vsix and cx-dev-assist-1.7.0.vsix. Between 12:58 and 16:50 UTC, the attacker injected malicious payloads into GitHub Actions workflows. Organizations that downloaded these artifacts during this window potentially executed untrusted code in their CI/CD pipelines.

This was not a vulnerability in Checkmarx's products. The compromise occurred in the distribution channel itself—a third-party registry that many teams trust implicitly.

Timeline

  • 12:58 UTC - Malicious GitHub Actions workflows become available
  • Unknown time - Attacker publishes compromised plugins to OpenVSX registry
  • 16:50 UTC - Malicious GitHub Actions workflows removed
  • March 23, 2026 - Checkmarx issues security advisory

The four-hour exposure window for GitHub Actions is the confirmed timeframe. The exact duration of the OpenVSX compromise remains unclear, highlighting a detection gap.

Failed or Missing Controls

Artifact Integrity Verification: Teams lacked automated validation of package signatures or checksums against a known-good source. If you're pulling artifacts from OpenVSX, GitHub Marketplace, or any third-party registry, cryptographic verification before execution is essential.

Supply Chain Visibility: The incident shows insufficient dependency mapping. How many teams knew they were consuming Checkmarx plugins via OpenVSX versus official channels? Your SBOM (Software Bill of Materials) should track not just what you consume, but where it comes from.

Runtime Monitoring in CI/CD: The malicious payloads executed in GitHub Actions workflows. CI/CD environments should not be treated as inherently trusted. Apply the same runtime monitoring in your pipeline as you would in production workloads.

Registry Trust Boundaries: The attack succeeded because teams treated OpenVSX as equivalent to Checkmarx's official distribution. Your artifact management policy should explicitly define which registries are authoritative for which packages.

Relevant Standards

PCI DSS v4.0.1 Requirement 6.3.2 mandates maintaining an inventory of bespoke and custom software, and third-party software components, including their sources. If you can't map which registry provided which version of ast-results, you're not compliant.

NIST 800-53 Rev 5 SR-3 (Supply Chain Protection) requires integrity verification mechanisms for software components. Validating the integrity and authenticity of software before installation is crucial. Pulling from OpenVSX without signature verification fails this requirement.

ISO/IEC 27001:2022 Annex A.8.30 addresses secure coding and development practices, including the security of development tools and environments. Your GitHub Actions workflows are development infrastructure—they require the same security controls as any other system processing sensitive data.

SOC 2 Type II CC6.8 requires monitoring of system components for anomalies. A malicious GitHub Action executing in your pipeline for four hours represents an undetected anomaly in a critical system.

Action Items for Your Team

Implement Artifact Signature Verification: Before pulling anything from a third-party registry:

  • Configure package managers to require valid signatures
  • Maintain a list of trusted signing keys for each vendor
  • Fail builds when signatures are missing or invalid
  • For GitHub Actions, pin to commit SHAs, not tags that can be moved

Build a Complete Dependency Map: You need three views:

  1. Direct dependencies (what you explicitly declared)
  2. Transitive dependencies (what your dependencies pull in)
  3. Source registries (where each artifact actually came from)

Tools like Syft or SPDX generators can produce SBOMs, but you need to extend them with registry provenance data. A spreadsheet works if automation isn't ready yet.

Apply Zero-Trust Principles to CI/CD: Your GitHub Actions runners should:

  • Run with minimal IAM permissions (never use admin tokens)
  • Execute in isolated environments
  • Have egress filtering (block unexpected network destinations)
  • Generate audit logs you actually review

The compromised workflows could have exfiltrated secrets, modified code, or pivoted to production systems. Network segmentation would limit the blast radius.

Define Registry Trust Tiers: Create a policy document that specifies:

  • Tier 1: Official vendor channels only (Checkmarx's own registry)
  • Tier 2: Vetted third-party registries with additional verification (OpenVSX with signature checks)
  • Tier 3: Community registries requiring manual security review before use

Enforce these tiers in your artifact management system. If someone tries to pull ast-results from an unapproved source, the pipeline should fail.

Establish Response Playbooks for Supply Chain Incidents: When Checkmarx issued their advisory, your team needed to answer immediately:

  • Which systems consumed the affected plugins?
  • What secrets or data did those systems access?
  • What code did they produce or deploy?

If you couldn't answer these questions within an hour, you lack the telemetry for effective incident response. Your playbook should include:

  • Automated queries against your SBOM database
  • Pre-written notification templates for affected teams
  • Rollback procedures for potentially compromised builds
  • Credential rotation checklists

Test Your Detection Capabilities: Run a tabletop exercise: "An attacker compromises a plugin in our most-used third-party registry. How long until we detect it? How do we determine exposure?" If the answer involves manual investigation spanning days, you need better tooling.

The four-hour window in this incident was short. Many supply chain compromises persist for months. Your monitoring needs to catch anomalous behavior in CI/CD workflows—unexpected network connections, unusual file system access, or suspicious process execution.

This incident happened because teams trusted a distribution channel without verification. The technical controls to prevent it—signature validation, SBOM tracking, pipeline isolation—are available now. The question is whether you'll implement them before or after your own four-hour window.

Topics:Incident

You Might Also Like

Checkmarx GitHub Actions Breach: A CI/CD Credential Theft Teardown
4 min readFor Security Engineers

Checkmarx GitHub Actions Breach: A CI/CD Credential Theft Teardown

On January 14, 2025, Checkmarx disclosed that threat actor TeamPCP compromised their GitHub Actions workflows by stealing CI credentials. This incident, similar to a previous attack on Aqua Security s

Read
A Poisoned Security Scanner Backdoored a Python Package in Three Hours
4 min readFor Security Engineers

A Poisoned Security Scanner Backdoored a Python Package in Three Hours

On PyPI, malicious versions of LiteLLM were available for download for about three hours. The attack vector? A compromised Trivy GitHub Action that stole the maintainer s PyPI publishing credentials.

Read
Credential Harvester Hiding in Your Security Scanner: The LiteLLM Backdoor
4 min readFor Security Engineers

Credential Harvester Hiding in Your Security Scanner: The LiteLLM Backdoor

What Happened On March 24, 2026, threat actor TeamPCP released two compromised versions of the Python package litellm—versions 1.82.7 and 1.82.8. These contained a multi-stage attack toolkit, includin

Read