TL;DR: LiteLLM now signs all official Docker images using Cosign to prevent container supply chain attacks.
Summary: BerriAI has introduced cryptographic signing for all LiteLLM Docker images starting in release v1.87.1. Developers can verify the authenticity of the images using Cosign and a pinned public key from the repository. This guarantees that self-hosted LLM gateway deployments are running verified, unaltered code.
Why it matters: Securing LLM proxies is critical since they manage sensitive API keys and route private user data. Teams deploying LiteLLM in production should integrate Cosign verification into their container deployment pipelines.
Source: github.com
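A deployment gate along the lines recommended above, as an added example that is not LiteLLM's or BerriAI's own code. The function name, the key file path, the pinned key hash and the image reference are all assumptions to be replaced with the values published in the repository; it assumes `cosign` and `sha256sum` are on the PATH.

```shell
# Added example. verify_image and its arguments are hypothetical names.
# Usage: verify_image IMAGE_REF KEY_FILE PINNED_KEY_SHA256
#   IMAGE_REF          digest-pinned reference, e.g. <registry>/<image>@sha256:<digest>
#   KEY_FILE           local copy of the public key taken from the repository
#   PINNED_KEY_SHA256  hash of that key, stored in pipeline config at review time
# Return codes: 0 verified, 2 mutable tag, 3 key mismatch, 4 signature failure.
verify_image() {
  vi_ref="$1"
  vi_key="$2"
  vi_pin="$3"

  # 1. Refuse tag-only references. A tag can be repointed after verification;
  #    a digest names exactly the bytes that were checked.
  case "$vi_ref" in
    *@sha256:*) ;;
    *) echo "refusing mutable reference: $vi_ref" >&2; return 2 ;;
  esac

  # 2. Confirm the key on disk is the one that was pinned. Without this step,
  #    anyone able to swap the key file could make any image "verify".
  vi_actual="$(sha256sum "$vi_key" 2>/dev/null | awk '{print $1}')"
  if [ -z "$vi_actual" ] || [ "$vi_actual" != "$vi_pin" ]; then
    echo "public key does not match pinned hash" >&2
    return 3
  fi

  # 3. Check the signature. cosign exits non-zero when no valid signature
  #    made with this key exists for the digest.
  if ! cosign verify --key "$vi_key" "$vi_ref" >/dev/null; then
    echo "signature verification failed: $vi_ref" >&2
    return 4
  fi

  return 0
}
```

Call it before the deploy step and pass the same digest-pinned reference to the runtime, so the image that starts is the one that was verified.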