Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
GitHub

config.multi-provider.yaml

# "local-vllm" → 127.0.0.1:8000 (no auth — local backend) # Failover: gpt-4o prefers OpenAI, falls back to Azure. # Each provider's auth format is driven by the profile type. # The actual key comes ...
GitHub

risk-based-testing.yaml

Tests risk scoring, test prioritization, and coverage optimization.