TL;DR: LiteLLM now signs all Docker images with Cosign to ensure secure deployments for AI builders.
Summary: BerriAI released LiteLLM version 1.85.4, introducing container image signatures that can be verified with Cosign. Developers can verify image authenticity against the project's public key, referenced either by a pinned commit hash or by the release tag. This enhancement improves security for self-hosted instances of the popular LLM proxy.
Why it matters: This update prevents supply-chain attacks on containerized LLM gateways. Builders should integrate Cosign verification into their deployment pipelines to ensure image integrity.
Source: github.com
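A deployment-pipeline gate for the verification described above, as an added example that is not LiteLLM's or BerriAI's own code. The key URL template, the image reference, and the function and variable names are assumptions (placeholders); substitute the key location and image name given in the project's release notes.

```shell
#!/bin/sh
# Added example: gate a deployment on a Cosign signature check.
# KEY_URL_TEMPLATE is a placeholder (assumption), not the project's real key
# location; @REF@ is replaced by the git ref the key is fetched at.
KEY_URL_TEMPLATE="${KEY_URL_TEMPLATE:-https://example.invalid/@REF@/cosign.pub}"

# True only for a full 40-character lowercase hex commit SHA. A tag or branch
# name can be re-pointed later; a commit SHA cannot.
is_pinned_commit() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0123456789abcdef]*) return 1 ;; esac
  return 0
}

# Build the public-key URL for a git ref (commit SHA or release tag).
key_url_for() {
  case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
  printf '%s%s%s\n' "${KEY_URL_TEMPLATE%%@REF@*}" "$1" "${KEY_URL_TEMPLATE#*@REF@}"
}

# verify_image KEY_REF IMAGE
# Returns 0 if verified, 2 if KEY_REF is not a pinned commit (unless
# ALLOW_TAG_REF=1), 3 if the key cannot be fetched, 4 if the signature fails.
verify_image() {
  key_ref=$1 image=$2
  if ! is_pinned_commit "$key_ref" && [ "${ALLOW_TAG_REF:-0}" != 1 ]; then
    echo "refusing key ref '$key_ref': not a full commit SHA" >&2
    return 2
  fi
  url=$(key_url_for "$key_ref") || return 2
  keyfile=$(mktemp) || return 3
  # Fetch over HTTPS only; fail on HTTP errors instead of saving an error page.
  if ! curl -fsS --proto '=https' "$url" -o "$keyfile"; then
    rm -f "$keyfile"
    return 3
  fi
  cosign verify --key "$keyfile" "$image" >/dev/null
  rc=$?
  rm -f "$keyfile"
  [ "$rc" -eq 0 ] || return 4
}

# Usage in a pipeline step (image reference is a placeholder):
#   verify_image <40-hex-commit-of-key> <registry>/<image>:<tag> || exit 1
```

Setting `ALLOW_TAG_REF=1` permits fetching the key at a release tag such as `v1.85.4`; the default refuses it so that the trusted key cannot change without a reviewed change to the pipeline.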