{"id":9235,"date":"2026-03-29T09:58:17","date_gmt":"2026-03-29T07:58:17","guid":{"rendered":"https:\/\/www.almtoolbox.com\/blog\/?p=9235"},"modified":"2026-03-29T11:07:51","modified_gmt":"2026-03-29T09:07:51","slug":"how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines","status":"publish","type":"post","link":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/","title":{"rendered":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/www.almtoolbox.com\/blog_he\/wp-content\/uploads\/2026\/03\/jfrog-curation-centralized-visibility-control.jpg\" alt=\"Jfrog Supply Chain Attacks\"\/><\/figure>\n<\/div>\n\n\n<p>In today&#8217;s threat landscape, supply chain attacks like the recent PyPI LiteLLM compromise &#8211; where backdoored packages stole Kubernetes credentials &#8211; highlight the urgent need for robust defenses. <\/p>\n\n\n\n<p>JFrog solutions provide enterprise-grade protection by proxying, scanning, and blocking malicious artifacts before they infiltrate your software development environment. <\/p>\n\n\n\n<p>This guide breaks down how JFrog Artifactory, Curation, and Xray secure your CI\/CD pipelines against such risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-supply-chain-attacks-target-devops-teams\">Why Supply Chain Attacks Target DevOps Teams?<\/h2>\n\n\n\n<p>Attackers exploit public repositories like PyPI with typosquatting or malicious uploads, as seen in LiteLLM&#8217;s .pth backdoor that evaded basic scans. <br>Direct pulls from these sources bypass traditional security, injecting malware into Docker builds, Kubernetes clusters, or GitLab runners. 
<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">JFrog Solutions<\/h2>\n\n\n\n<p>JFrog acts as a secure gatekeeper, ensuring only vetted packages enter your air-gapped or cloud-native workflows.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"jfrog-artifactory-your-universal-package-proxy\">1. JFrog Artifactory: Your Universal Package Proxy<\/h3>\n\n\n\n<p>JFrog Artifactory proxies requests to PyPI, npm, and more, caching trusted versions while blocking suspicious ones at the edge. Configure it as a pull-through cache in your GitLab CI YAML &#8211; developers run <code>pip install<\/code> as usual, but all traffic routes through JFrog for inspection. This prevents incidents like LiteLLM by enforcing virtual repositories that mirror official sources without direct exposure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"jfrog-curation-block-malware-at-download-time\">2. JFrog Curation: Block Malware at Download Time<\/h3>\n\n\n\n<p>JFrog Curation uses real-time threat intelligence to auto-block vulnerable, malicious, or abandoned packages based on customizable policies. For PyPI risks, set rules to reject packages with known CVEs, risky licenses, or JFrog&#8217;s malware database hits &#8211; like the TeamPCP LiteLLM variants. In self-managed setups, it supports offline curation, perfect for regulated DevSecOps environments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"jfrog-xray-deep-sca-and-binary-analysis\">3. JFrog Xray: Deep SCA and Binary Analysis<\/h3>\n\n\n\n<p>Xray scans binaries, containers, and SBOMs for secrets, malware signatures, and supply chain vulnerabilities across your full pipeline. Integrate it into Kubernetes admission controllers or GitLab stages to fail builds on detected threats, such as credential stealers hidden in compiled Python wheels. 
Unlike static SAST tools, Xray&#8217;s metadata analysis traces dependencies back to sources, prioritizing fixes with risk scores.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"jfrog-vs-pypi-attacks-feature-breakdown\">JFrog vs. PyPI Attacks: Feature Breakdown<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>JFrog Tool<\/th><th>Attack Prevention<\/th><\/tr><\/thead><tbody><tr><td>Artifactory Proxy<\/td><td>Centralizes all pulls<\/td><\/tr><tr><td>Curation Policies<\/td><td>Blocks by threat intel<\/td><\/tr><tr><td>Xray Scanning<\/td><td>Detects runtime malware<\/td><\/tr><tr><td>SBOM Integration<\/td><td>Enables traceability<\/td><\/tr><tr><td>Binary Secret Scan<\/td><td>Finds hidden leaks<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"implementing-jfrog-in-gitlab-cicd-for-devsecops\">Implementing JFrog in GitLab CI\/CD for DevSecOps<\/h3>\n\n\n\n<p>Start with a virtual PyPI repo in Artifactory, then add Xray scans. A minimal <code>.gitlab-ci.yml<\/code> job (the runner needs pip and the JFrog CLI available):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># .gitlab-ci.yml\nbuild:\n  script:\n    # all package pulls go through the Artifactory virtual PyPI repo\n    - pip install --index-url $JFROG_PIP_URL -r requirements.txt\n    # Xray integration: scan the resolved dependencies against your policies\n    - jfrog rt scan --fail=false  # Xray integration<\/code><\/pre>\n\n\n\n<p>Note that <code>--fail=false<\/code> makes the scan report-only; remove it (the default fails the job on a policy violation) when you want the stage to act as a hard gate. This setup reduced supply chain MTTR by 80% in similar enterprise cases, per JFrog benchmarks. 
For Kubernetes, use Xray policies to gate container images.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Implementing JFrog in Azure DevOps Pipelines for DevSecOps<\/h3>\n\n\n\n<p>Configure a virtual PyPI repository in Artifactory as your package source, then integrate via Azure Pipelines YAML for seamless scanning:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># azure-pipelines.yml\ntrigger:\n- main\n\npool:\n  vmImage: 'ubuntu-latest'\n\nsteps:\n- task: UsePythonVersion@0\n  inputs:\n    versionSpec: '3.9'\n\n- script: |\n    pip install -i $(JFROG_PIP_INDEX) -r requirements.txt\n    jfrog rt scan --fail=false --url=$(JFROG_URL)  # Xray policy check\n  displayName: 'Install deps &amp; JFrog Xray scan'\n  env:\n    # pipeline variables supplied by the Azure service connection \/ variable group\n    JFROG_PIP_INDEX: $(JFROG_VIRTUAL_REPO_URL)\n    JFROG_URL: $(JFROG_INSTANCE)\n    JFROG_TOKEN: $(JFROG_ACCESS_TOKEN)<\/code><\/pre>\n\n\n\n<p>Use Azure service connections for JFrog credentials and add Xray as a build\/release gate. This enforces curation policies on every\u00a0<code>pip install<\/code>, blocking LiteLLM-like threats before they hit your Azure-hosted agents or AKS clusters &#8211; streamlining compliance for US\/EU projects.<\/p>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"key-takeaways-for-secure-devops\">Key Takeaways for Secure DevOps<\/h2>\n\n\n\n<p>JFrog transforms your development environment into a hardened fortress against supply chain threats, from PyPI malware to OSS vulnerabilities. Ideal for DevOps architects handling US\/EU compliance, it scales from self-hosted to cloud without workflow friction. <\/p>\n\n\n\n<p>Do you want to block the next LiteLLM? 
Contact us and get a trial and curate your repos today.<\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#d9ffa8\"><em>ALM Toolbox is the official representative of JFrog, providing support and licensing for JFrog solutions, including Artifactory, Xray, Curation, and more, as well as infrastructural DevOps and DevSecOps \/ AppSec assistance for building a secure supply chain for secure code and application builds, and integration into development processes (SDLC \/ ALM) and development tools. <br>For more details, you can contact us: <a href=\"mailto:jfrog@almtoolbox.com\" target=\"_blank\" rel=\"noreferrer noopener\">jfrog@almtoolbox.com<\/a> or by phone at <\/em><br><em>866-503-1471<\/em> (USA \/ Canada) or +31 85 064 4633<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the wake of the PyPI LiteLLM supply chain attack that backdoored packages to steal Kubernetes credentials, JFrog emerges as DevSecOps shield. Discover how Artifactory proxies, Curation blocks malicious deps, and Xray scans binaries &#8211; complete with GitLab CI\/CD and Azure DevOps.<\/p>\n","protected":false},"author":10,"featured_media":9121,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[649,184,648,650],"tags":[391,770,772,769,765],"class_list":["post-9235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artifactory","category-devsecops","category-jfrog","category-jfrog-xray","tag-gitlab-ci-cd","tag-itellm-attack","tag-litellm-attack","tag-pypi-malware","tag-supply-chain-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox News<\/title>\n<meta name=\"description\" content=\"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog 
Artifactory, Xray and Curation, including GitLab &amp; Azure DevOps\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox News\" \/>\n<meta property=\"og:description\" content=\"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog Artifactory, Xray and Curation, including GitLab &amp; Azure DevOps\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\" \/>\n<meta property=\"og:site_name\" content=\"ALMtoolbox News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/almtoolbox.israel\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-29T07:58:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-29T09:07:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"576\" \/>\n\t<meta property=\"og:image:height\" content=\"416\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tamir Gefen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Dikla\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tamir Gefen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\"},\"author\":{\"name\":\"Tamir Gefen\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\"},\"headline\":\"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines\",\"datePublished\":\"2026-03-29T07:58:17+00:00\",\"dateModified\":\"2026-03-29T09:07:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\"},\"wordCount\":616,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg\",\"keywords\":[\"gitlab ci\/cd\",\"iteLLM Attack\",\"LiteLLM attack\",\"PyPI Malware\",\"supply chain security\"],\"articleSection\":[\"Artifactory\",\"DevSecOps\",\"Jfrog\",\"Jfrog 
Xray\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\",\"name\":\"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox News\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg\",\"datePublished\":\"2026-03-29T07:58:17+00:00\",\"dateModified\":\"2026-03-29T09:07:51+00:00\",\"description\":\"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog Artifactory, Xray and Curation, including GitLab & Azure 
DevOps\",\"breadcrumb\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg\",\"width\":576,\"height\":416,\"caption\":\"jfrog\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.almtoolbox.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"name\":\"ALMtoolbox News\",\"description\":\"All the news of 
ALMtoolbox\",\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\",\"name\":\"ALMtoolbox\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"width\":410,\"height\":190,\"caption\":\"ALMtoolbox\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/almtoolbox.israel\/\",\"https:\/\/www.linkedin.com\/company\/almtoolbox\/\",\"https:\/\/www.youtube.com\/user\/GoMidjets\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\",\"name\":\"Tamir Gefen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"caption\":\"Tamir Gefen\"},\"sameAs\":[\"https:\/\/x.com\/Dikla\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox News","description":"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog Artifactory, Xray and Curation, including GitLab & Azure DevOps","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/","og_locale":"en_US","og_type":"article","og_title":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox News","og_description":"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog Artifactory, Xray and Curation, including GitLab & Azure DevOps","og_url":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/","og_site_name":"ALMtoolbox News","article_publisher":"https:\/\/www.facebook.com\/almtoolbox.israel\/","article_published_time":"2026-03-29T07:58:17+00:00","article_modified_time":"2026-03-29T09:07:51+00:00","og_image":[{"width":576,"height":416,"url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg","type":"image\/jpeg"}],"author":"Tamir Gefen","twitter_card":"summary_large_image","twitter_creator":"@Dikla","twitter_misc":{"Written by":"Tamir Gefen","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#article","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/"},"author":{"name":"Tamir Gefen","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63"},"headline":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines","datePublished":"2026-03-29T07:58:17+00:00","dateModified":"2026-03-29T09:07:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/"},"wordCount":616,"commentCount":0,"publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg","keywords":["gitlab ci\/cd","iteLLM Attack","LiteLLM attack","PyPI Malware","supply chain security"],"articleSection":["Artifactory","DevSecOps","Jfrog","Jfrog Xray"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/","url":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/","name":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines - ALMtoolbox 
News","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg","datePublished":"2026-03-29T07:58:17+00:00","dateModified":"2026-03-29T09:07:51+00:00","description":"Learn how to secure DevOps pipelines against LiteLLM malware with JFrog Artifactory, Xray and Curation, including GitLab & Azure DevOps","breadcrumb":{"@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#primaryimage","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/03\/jfrog-curation-centralized-visibility-control-1.jpg","width":576,"height":416,"caption":"jfrog"},{"@type":"BreadcrumbList","@id":"https:\/\/www.almtoolbox.com\/blog\/how-jfrog-stops-supply-chain-attacks-litellm-malware-devops-pipelines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.almtoolbox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps 
Pipelines"}]},{"@type":"WebSite","@id":"https:\/\/www.almtoolbox.com\/blog\/#website","url":"https:\/\/www.almtoolbox.com\/blog\/","name":"ALMtoolbox News","description":"All the news of ALMtoolbox","publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.almtoolbox.com\/blog\/#organization","name":"ALMtoolbox","url":"https:\/\/www.almtoolbox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","width":410,"height":190,"caption":"ALMtoolbox"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/almtoolbox.israel\/","https:\/\/www.linkedin.com\/company\/almtoolbox\/","https:\/\/www.youtube.com\/user\/GoMidjets"]},{"@type":"Person","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63","name":"Tamir Gefen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","caption":"Tamir 
Gefen"},"sameAs":["https:\/\/x.com\/Dikla"]}]}},"_links":{"self":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/9235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/comments?post=9235"}],"version-history":[{"count":14,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/9235\/revisions"}],"predecessor-version":[{"id":9256,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/9235\/revisions\/9256"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media\/9121"}],"wp:attachment":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media?parent=9235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/categories?post=9235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/tags?post=9235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}