litellm

mirror of https://github.com/tiennm99/litellm.git synced 2026-06-29 19:04:28 +00:00

Files

T

Yuneng Jiang 30565581be [Infra] Pin cosign.pub verification to initial commit hash

Pin all cosign public key references to the immutable commit hash
(0112e53) that first introduced the key, instead of fetching it from
the release tag. This addresses the concern that an attacker with push
access could replace the key on main/tags and re-sign tampered images.

Docs now show two verification methods: commit hash (recommended) and
release tag (convenience), with explanation of why the hash is stronger.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-06 22:53:23 -07:00

actions/helm-oci-chart-releaser

fix: address zizmor comments

2026-03-26 21:09:01 -07:00

codeql

[Infra] Improve CodeQL scanning coverage and schedule

2026-03-27 12:04:09 -07:00

ISSUE_TEMPLATE

docs: document new github + gitlab ci scripts

2026-03-25 20:17:10 -07:00

observatory

Add observatory test workflow for RC/stable releases