Detecting supply chain attacks at scale with Deep Search
Blog post from Sourcegraph
A recent security incident involved poisoned versions of the LiteLLM package (1.82.7 and 1.82.8) on PyPI, which compromised cloud credentials, SSH keys, and Kubernetes secrets on affected systems. The attack, perpetrated by a group known as TeamPCP, highlighted the importance of version pinning in protecting software repositories: unpinned or range-based dependencies allowed the malicious versions to be installed. Using tools like Deep Search and Code Search, it was possible to identify which repositories were at risk and which had safeguards in place, such as pinning to specific versions that avoid the compromised releases. The incident emphasizes the need for careful management of software dependencies, with practices like setting upper bounds on version ranges and auditing CI/CD pipelines to prevent similar supply chain attacks.
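
The following added example, which is not code from the post or from Sourcegraph's tools, checks whether a requirements.txt-style line would accept the compromised LiteLLM versions named above. The function names, the sample lines and the numeric-only version comparison (no pre-release or epoch handling, environment markers ignored) are assumptions of this example.

```python
import re

PACKAGE = "litellm"
BAD_VERSIONS = ("1.82.7", "1.82.8")  # compromised releases named in the post

_REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE = re.compile(r"^(==|!=|>=|<=|~=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?$")

def _cmp_key(a, b):
    """Parse two dotted numeric versions and zero-pad them to equal length."""
    a, b = ([int(p) for p in v.split(".")] for v in (a, b))
    n = max(len(a), len(b))
    return a + [0] * (n - len(a)), b + [0] * (n - len(b))

def _allows(op, spec, wildcard, version):
    """True if the single clause `op spec` accepts `version`."""
    v, s = _cmp_key(version, spec)
    width = len(spec.split("."))
    if wildcard:  # "==1.82.*" / "!=1.82.*" are prefix matches
        if op not in ("==", "!="):
            raise ValueError("wildcard only valid with == or !=")
        return (v[:width] == s[:width]) == (op == "==")
    if op == "~=":  # compatible release: >= spec, same prefix minus last part
        return v >= s and v[:width - 1] == s[:width - 1]
    return {"==": v == s, "!=": v != s, ">=": v >= s,
            "<=": v <= s, ">": v > s, "<": v < s}[op]

def exposed_versions(line):
    """Bad versions the line accepts; None if not a PACKAGE requirement."""
    m = _REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    clauses = []
    for text in filter(None, (c.strip() for c in m.group(2).split(","))):
        cm = _CLAUSE.match(text)
        if not cm:
            raise ValueError(f"unsupported specifier: {text!r}")
        clauses.append(cm.groups())
    return [bad for bad in BAD_VERSIONS
            if all(_allows(op, spec, wc, bad) for op, spec, wc in clauses)]

# Constructed sample requirement lines (not taken from any real repository).
SAMPLE = ["litellm", "litellm>=1.80,<2", "litellm~=1.82.0", "litellm==1.82.6",
          "litellm>=1.80,!=1.82.7,!=1.82.8", "litellm[proxy]>=1.80,<1.82.7",
          "requests>=2.31"]

def audit(lines):
    """Map each at-risk requirement line to the bad versions it admits."""
    return {ln: bad for ln in lines if (bad := exposed_versions(ln))}
```

Only the bare, range-based and compatible-release entries in the sample are flagged; the exact pin, the explicit exclusions and the upper bound below 1.82.7 are not.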