by exyi
82 days ago
Except that LiteLLM probably got pwned because they used Trivy in CI. If Trivy ran in a proper sandbox, the compromised job could not publish a compromised package. (Yes, they should better configure which CI job has which permissions, but this should be the default or it won't always happen.)