TL;DR
Supply chain attacks in 2025–2026 — Axios, Shai-Hulud, TeamPCP — proved that trusting your dependencies is no longer viable. This walkthrough shows you how to layer SAST (Semgrep, CodeQL), SCA (Trivy, OSV-Scanner, Snyk), and secret scanning (Gitleaks, TruffleHog) into GitHub Actions or GitLab CI without drowning your developers in noise. Includes working YAML snippets, fail-the-build versus advisory-only strategies, and SLSA Level 1 quick wins you can ship today.
The Threat Landscape Has Shifted
The Axios npm RAT (March 2026) pushed a cross-platform trojan through a package with 100 million weekly downloads. The Shai-Hulud worm (September 2025) self-propagated across 500+ npm packages by stealing maintainer credentials and publishing itself from their accounts. TeamPCP (March–April 2026) compromised Trivy, LiteLLM, Checkmarx KICS, and Bitwarden CLI across npm, PyPI, and Docker Hub simultaneously.
The common thread: every payload was engineered to steal secrets from CI/CD pipelines and developer environments. If your pipeline isn't scanning for vulnerable dependencies and leaked credentials before merge, you're flying blind.
Layer 1: Static Application Security Testing (SAST)
SAST finds vulnerabilities in your own code before it ships: injection flaws, insecure deserialisation, hardcoded credentials, and logic errors a reviewer would miss in a busy PR.
Semgrep is the easiest on-ramp for SMBs. It's fast, supports 30+ languages, and runs without building your code. CodeQL (GitHub-native) offers deeper semantic analysis, because it compiles your code into a queryable database and tracks data flow across files, but it needs more setup and carries a licensing caveat outside GitHub: the CodeQL CLI is free for open-source projects, while scanning private code requires a GitHub Advanced Security licence.
GitHub Actions — Semgrep
```yaml
semgrep:
  runs-on: ubuntu-latest
  container:
    image: semgrep/semgrep          # official image; pin to a digest once adopted
  steps:
    - uses: actions/checkout@v4     # pin to a full commit SHA (see the SLSA section)
    # `semgrep scan` exits 0 even when it finds issues (advisory mode).
    # Add --error to fail the job on findings once the rule packs are tuned.
    - run: semgrep scan --config p/default --config p/security-audit --sarif --output semgrep.sarif
    # Semgrep AppSec Platform users: replace the run line with `semgrep ci` and set
    # SEMGREP_APP_TOKEN from a secret; rules and blocking policy then come from the platform.
    - uses: actions/upload-artifact@v4
      if: always()
      with:
        name: semgrep-sarif
        path: semgrep.sarif
```
GitLab CI — CodeQL
```yaml
codeql-sast:
  stage: test
  image: ubuntu:24.04
  variables:
    # Bundles (CLI plus query packs) are published at github.com/github/codeql-action/releases.
    # Set this to a release you have vetted; the bundle ships the javascript-queries pack.
    CODEQL_BUNDLE: "codeql-bundle-vX.Y.Z"
  before_script:
    - apt-get update -qq && apt-get install -y -qq curl ca-certificates
    - curl -fsSL "https://github.com/github/codeql-action/releases/download/${CODEQL_BUNDLE}/codeql-bundle-linux64.tar.gz" | tar -xz -C /opt
    - export PATH="/opt/codeql:$PATH"
  script:
    - codeql database create /tmp/db --language=javascript --source-root .
    - codeql database analyze /tmp/db codeql/javascript-queries:codeql-suites/javascript-security-extended.qls --format=sarif-latest --output=results.sarif
  artifacts:
    paths:
      - results.sarif
```
Start advisory-only. Let SAST run on every PR but post results as comments, not blockers. Once you've tuned out the false positives over 2–4 weeks, promote critical and high findings to fail-the-build. This prevents developer revolt while you calibrate signal-to-noise.
Layer 2: Software Composition Analysis (SCA)
SCA scans your third-party dependencies for known vulnerabilities. Be clear about what that means: it matches your lockfile against advisory databases, so a malicious or vulnerable version is flagged only once someone has reported it. The Axios compromise was live for only three hours, which is exactly why the scan has to run automatically on every pipeline run rather than in a periodic audit, and why a committed lockfile matters: without one, a fresh checkout can pull a version nobody reviewed.
Trivy (open source, fast) for container and filesystem scanning. OSV-Scanner (Google-backed) for precise vulnerability matching via the OSV database. Snyk for commercial-grade monitoring with upgrade PRs.
GitHub Actions — Trivy filesystem scan
```yaml
- name: Trivy SCA
  uses: aquasecurity/trivy-action@master   # pin to a release SHA, not a branch
  with:
    scan-type: 'fs'
    scan-ref: '.'
    scanners: 'vuln'            # dependency CVEs only; secrets are Layer 3's job
    ignore-unfixed: 'true'      # don't block on CVEs that have no fixed version yet
    severity: 'CRITICAL,HIGH'
    exit-code: '1'              # non-zero exit fails the job
```
Setting exit-code: '1' makes critical and high findings fail the build immediately. For a gentler start, set exit-code: '0' (advisory-only) and review results in the job log before tightening.
GitLab CI — OSV-Scanner
```yaml
osv-scan:
  stage: test
  image:
    name: ghcr.io/google/osv-scanner:latest   # pin to a release tag or digest
    entrypoint: [""]                           # ENTRYPOINT is the binary; let GitLab run a shell
  script:
    # Exit 1 = matches found. OSV-Scanner has no severity-threshold flag: gate on
    # severity by post-processing the SARIF, or suppress specific IDs in osv-scanner.toml.
    - osv-scanner --lockfile=package-lock.json --format=sarif --output=osv-results.sarif
  allow_failure: true   # advisory phase; remove this line to block the merge on any match
  artifacts: { when: always, paths: [osv-results.sarif] }
```
Fail the build for critical CVEs that have a known exploit or a fix available; keep medium and low advisory. The Axios incident shows that the window of exposure is measured in hours, so a critical advisory published this morning with a patch available should fail the next pipeline run, not wait for the sprint review.
Layer 3: Secret Scanning
This is the layer that limits the blast radius of the 2025–2026 campaigns. Every major attack harvested credentials (AWS keys, npm tokens, GitHub PATs, SSH keys); a secret that never lands in a repository cannot be lifted from a checkout, and one caught in CI gets rotated before an attacker finds it.
Gitleaks scans the working tree and git history for leaked secrets. TruffleHog goes further and verifies matches (it checks whether a credential still authenticates). GitHub's native secret scanning is free on public repositories; private repositories need GitHub Secret Protection (previously sold as part of Advanced Security).
Pre-commit hook — Gitleaks (catches secrets before they're committed)
```yaml
# .pre-commit-config.yaml
# Runs Gitleaks over the staged changes on every commit. Local hooks are a convenience,
# not a control: a developer can skip them with `git commit --no-verify`, so the CI
# scan stays the enforcement point.
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.2
    hooks:
      - id: gitleaks
```
GitHub Actions — TruffleHog (catches secrets in PRs)
```yaml
- uses: actions/checkout@v4
  with:
    fetch-depth: 0                        # TruffleHog needs history to diff base..head
- name: TruffleHog Secret Scan
  uses: trufflesecurity/trufflehog@main   # pin to a release SHA, not a branch
  with:
    extra_args: --only-verified           # newer releases spell this --results=verified
```
The --only-verified flag is critical: it keeps only matches that TruffleHog could successfully authenticate against the issuing service, which removes the noise of test fixtures, mock credentials and long-dead keys. Two consequences to plan for: verification means the CI runner makes outbound calls to AWS, GitHub, npm and so on, and an unverified hit that looks real still deserves a look, because a key rotated yesterday was live in your history until then.
Secret scanning should always fail the build. There is no legitimate reason for a real AWS key or npm token to appear in source code. No advisory mode here — block the merge.
Fail-the-Build vs Advisory-Only: Decision Framework
| Tool | Advisory Phase | Fail-the-Build Phase | Timeline |
|---|---|---|---|
| SAST (Semgrep/CodeQL) | All findings as comments | CRITICAL/HIGH block merge | 2–4 weeks tuning |
| SCA (Trivy/OSV/Snyk) | CRITICAL with no patch available | CRITICAL with known exploit or patch available | Day 1 for exploitable |
| Secret scanning (Gitleaks/TruffleHog) | Never | Always | Day 1, no exceptions |
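The advisory-then-blocking rollout described for SAST, the exit-code and severity thresholds of the SCA section, and the table above all reduce to one decision per pipeline run: are there new findings at or above the severity you have chosen to block? The script below is an added example, not code from this article or from Semgrep, CodeQL, Trivy or OSV-Scanner, that makes that decision from SARIF output, which all four tools can emit. It assumes severities come from the rule's `security-severity` property (a CVSS score as text, which Trivy and CodeQL emit) and otherwise from the SARIF result level, and it accepts a baseline file of fingerprints for triaged findings so that promoting from advisory to blocking does not re-open old noise. The embedded SARIF is constructed for the example; its rule ids and messages are placeholders, not real advisories.

```python
"""Severity gate over SARIF output from any scanner. Added example, not the article's
or any project's code; assumptions are listed in the lead-in above."""
from __future__ import annotations

import argparse
import json
import sys
from dataclasses import dataclass
from pathlib import Path

SEVERITY_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str
    uri: str
    line: int
    message: str

    @property
    def fingerprint(self) -> str:
        # Identity used by the baseline; line numbers move on edits, so re-baseline after refactors.
        return f"{self.tool}|{self.rule_id}|{self.uri}|{self.line}"


def severity_of(rule: dict, result: dict) -> str:
    """CVSS 'security-severity' on the rule wins; otherwise map the result level, falling
    back to the rule's defaultConfiguration level as the SARIF spec prescribes."""
    score = (rule.get("properties") or {}).get("security-severity")
    if score is not None:
        s = float(score)
        return "CRITICAL" if s >= 9.0 else "HIGH" if s >= 7.0 else "MEDIUM" if s >= 4.0 else "LOW"
    level = result.get("level") or (rule.get("defaultConfiguration") or {}).get("level", "warning")
    return LEVEL_TO_SEVERITY.get(level, "MEDIUM")


def load_findings(sarif: dict) -> list[Finding]:
    """Flatten every run of a SARIF log into Finding records."""
    findings: list[Finding] = []
    for run in sarif.get("runs", []):
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "unknown")
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append(Finding(
                tool=driver.get("name", "unknown"), rule_id=rule_id,
                severity=severity_of(rules.get(rule_id, {}), res),
                uri=phys.get("artifactLocation", {}).get("uri", ""),
                line=int(phys.get("region", {}).get("startLine", 0)),
                message=res.get("message", {}).get("text", "")))
    return findings


def gate(findings: list[Finding], fail_on: str, baseline: set[str],
         blocking: bool) -> tuple[int, list[Finding]]:
    """Return (exit code, new findings at/above fail_on). Advisory mode always exits 0;
    blocking mode exits 1 when any in-scope finding is missing from the baseline."""
    threshold = SEVERITY_ORDER[fail_on]
    new = [f for f in findings
           if SEVERITY_ORDER[f.severity] >= threshold and f.fingerprint not in baseline]
    return (1 if blocking and new else 0), new


def _loc(uri: str, line: int) -> dict:
    return {"physicalLocation": {"artifactLocation": {"uri": uri}, "region": {"startLine": line}}}

# Constructed sample shaped like Trivy (CVSS property) and Semgrep (level only) output;
# the ids and messages are placeholders, not real advisories.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [
    {"tool": {"driver": {"name": "Trivy", "rules": [
        {"id": "CVE-EXAMPLE-0001", "properties": {"security-severity": "9.8"}},
        {"id": "CVE-EXAMPLE-0002", "properties": {"security-severity": "5.3"}}]}},
     "results": [
        {"ruleId": "CVE-EXAMPLE-0001", "level": "error", "message": {"text": "constructed critical finding"},
         "locations": [_loc("package-lock.json", 412)]},
        {"ruleId": "CVE-EXAMPLE-0002", "level": "warning", "message": {"text": "constructed medium finding"},
         "locations": [_loc("package-lock.json", 930)]}]},
    {"tool": {"driver": {"name": "Semgrep OSS", "rules": [
        {"id": "js.example.sqli", "defaultConfiguration": {"level": "error"}},
        {"id": "js.example.console-log"}]}},
     "results": [
        {"ruleId": "js.example.sqli", "message": {"text": "string-built SQL query"},
         "locations": [_loc("src/db.js", 27)]},
        {"ruleId": "js.example.console-log", "level": "note", "message": {"text": "debug logging left in"},
         "locations": [_loc("src/app.js", 5)]}]}]}


def main(argv: list[str]) -> int:
    p = argparse.ArgumentParser(description="Gate a CI job on SARIF results")
    p.add_argument("sarif", nargs="*", type=Path, help="SARIF files; none = run the built-in sample")
    p.add_argument("--fail-on", default="HIGH", choices=list(SEVERITY_ORDER))
    p.add_argument("--baseline", type=Path, help="accepted fingerprints, one per line")
    p.add_argument("--block", action="store_true", help="fail the build instead of only reporting")
    a = p.parse_args(argv)
    findings = ([f for path in a.sarif for f in load_findings(json.loads(path.read_text()))]
                if a.sarif else load_findings(SAMPLE_SARIF))
    baseline = set(a.baseline.read_text().splitlines()) if a.baseline else set()
    code, new = gate(findings, a.fail_on, baseline, a.block)
    for f in new:
        print(f"[{f.severity}] {f.tool}: {f.rule_id} at {f.uri}:{f.line} - {f.message}  ({f.fingerprint})")
    print(f"{len(new)} new finding(s) at or above {a.fail_on}; exit {code}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

During the tuning weeks run it without `--block` (for example `python sarif_gate.py semgrep.sarif trivy.sarif --fail-on HIGH`), copy the fingerprints of accepted findings into a committed baseline file, then add `--block --baseline .sarif-baseline` to start failing the job. The baseline is keyed on tool, rule, file and line, so it survives re-runs but not large refactors; regenerate it after those rather than letting the job go red for stale entries.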
SLSA Level 1 Quick Wins
SLSA (Supply-chain Levels for Software Artifacts) Level 1 requires provenance: a record of how your artefact was built, by which builder and from which source. You can achieve this today:
- Enable GitHub Actions provenance generation: give the workflow `permissions: id-token: write`, `attestations: write` and `contents: read`, then add a step that uses `actions/attest-build-provenance` with the path (or image digest) of the artefact it just built.
- Pin all action versions to SHA, not tags. TeamPCP force-pushed 76 GitHub Action tags; a tag can be moved to malicious code, a commit hash cannot.
```yaml
# DO: pin to SHA
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# DON'T: pin to tag only
uses: actions/checkout@v4
```
- Sign your container images with Cosign (keyless signing in Actions uses the same `id-token: write` OIDC identity) and push the signature to the registry next to the image. Consumers run `cosign verify` against the expected workflow identity before pulling, so a re-tagged or tampered image fails closed.
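A quick check for the pinning rule above, written as an added example rather than taken from the article or from GitHub: it walks the `uses:` lines of a workflow file and reports anything that is not a 40-hex commit SHA, plus SHA pins that lack the trailing version comment Dependabot and reviewers rely on. It applies the same rule to reusable workflows (`owner/repo/.github/workflows/x.yml@ref`) and to `docker://` images, which must carry a `@sha256:` digest, and treats local `./` actions as acceptable because they are reviewed with the repo. The sample workflow is constructed inline and the script is stdlib-only, so it can run as-is over `.github/workflows/` in a pre-merge job.

```python
"""Report GitHub Actions `uses:` references that are not pinned to an immutable commit SHA.
Added example, not the article's or GitHub's code; stdlib only."""
from __future__ import annotations

import re
import sys
from pathlib import Path

# Matches `- uses: owner/repo@ref  # comment`, with optional quotes around the reference.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?(?P<ref>[^'"\s#]+)['"]?\s*(?P<comment>#.*)?$""")
SHA1_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_COMMENT_RE = re.compile(r"v?\d+(\.\d+)*")


def check_uses(ref: str, comment: str | None) -> str | None:
    """Return a problem description, or None when the reference is acceptably pinned."""
    if ref.startswith("./"):
        return None  # local action: it lives in this repo and is reviewed with it
    if ref.startswith("docker://"):
        return None if "@sha256:" in ref else "container image is not pinned by digest"
    if "@" not in ref:
        return "no @ref at all"
    _, version = ref.rsplit("@", 1)
    if not SHA1_RE.fullmatch(version):
        return f"pinned to mutable ref '{version}' (a tag or branch can be moved)"
    if not comment or not VERSION_COMMENT_RE.search(comment):
        return "SHA pin has no trailing '# vX.Y.Z' comment; version is opaque to reviewers and Dependabot"
    return None


def lint_workflow(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, reference, problem) for every offending `uses:` line."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and (problem := check_uses(m["ref"], m["comment"])):
            problems.append((lineno, m["ref"], problem))
    return problems


# Constructed sample: one correctly pinned step and several that should be rejected.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-node@v4
      - uses: aquasecurity/trivy-action@master
      - uses: docker://alpine:3.20
      - uses: ./.github/actions/local-thing
      - uses: 'trufflesecurity/trufflehog@main'
"""


def main(paths: list[str]) -> int:
    """Lint the given workflow files (or the sample when none are given); exit 1 on any problem."""
    sources = [(p, Path(p).read_text()) for p in paths] or [("<sample>", SAMPLE_WORKFLOW)]
    total = 0
    for name, text in sources:
        for lineno, ref, problem in lint_workflow(text):
            print(f"{name}:{lineno}: {ref}: {problem}")
            total += 1
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python pin_check.py .github/workflows/*.yml` in a job that itself uses only SHA-pinned actions; a non-zero exit blocks the merge. Resolving a tag to the SHA it currently points at is deliberately left out: that step needs the GitHub API and, more importantly, a human to confirm the tag is the one they meant before the hash is committed.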
FAQ
Do I need all three layers (SAST, SCA, secret scanning) from day one? No. Start with secret scanning (highest signal, lowest noise), add SCA next (directly addresses supply chain risk), then layer in SAST last (requires more tuning). Ship one per sprint.
Won't this slow down our CI pipeline? Semgrep adds 10–30 seconds. Trivy adds 15–45 seconds depending on image size, much of it the vulnerability database download, so cache that between runs. Gitleaks adds under 10 seconds. Run them as parallel stages and the total wall-clock impact is under two minutes.
What about false positives destroying developer trust?
That's why you start advisory-only for SAST and SCA. Run them for 2–4 weeks, suppress confirmed false positives, then promote to blocking. Secret scanning has virtually no false positives when you use --only-verified (TruffleHog) or GitHub's native scanning.
Is this relevant for a 10-person team or only enterprises?
The Axios compromise affected every team size. Supply chain attacks don't discriminate by company headcount — they discriminate by dependency footprint. If you run npm install, this applies to you.
Conclusion
The 2025–2026 supply chain attack wave proved that trusting your dependencies is a vulnerability, not an assumption. The good news: you can layer SAST, SCA, and secret scanning into your existing GitHub Actions or GitLab CI pipeline in under a day. Start with secret scanning (block immediately), add SCA (fail on criticals with patches), and tune SAST into blocking mode over a few weeks. Pin your actions to SHA. Generate SLSA provenance. These aren't theoretical — they directly address how the Axios, Shai-Hulud, and TeamPCP campaigns operated.
Visit consult.lil.business for a free cybersecurity assessment of your CI/CD pipeline and supply chain posture.