[Docs] Add cosign Docker image verification steps to security blog posts#25122
[Docs] Add cosign Docker image verification steps to security blog posts#25122krrish-berri-2 merged 7 commits intomainfrom
Conversation
Add steps for verifying Docker images with cosign to three security blog posts: CI/CD v2, Security Townhall, and Security Update. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
|
Greptile SummaryThis PR adds cosign Docker image verification instructions to three security-related blog posts (
Confidence Score: 4/5Safe to merge after resolving the GHCR-scope inaccuracy in deploy.md and confirming the security tooling deletions are intentional. One P1 finding: deploy.md omits the GHCR-only and v1.83.0-nightly+ scoping that all blog posts include, and the adjacent Docker example uses a Docker Hub URL that cannot be cosign-verified. This is a correctness issue in the user-facing deployment docs that could mislead users into thinking older or Docker Hub images are signed when they are not. docs/my-website/docs/proxy/deploy.md (line 70 over-broad claim) and the five deleted security tooling files need confirmation.
|
| Filename | Overview |
|---|---|
| docs/my-website/docs/proxy/deploy.md | New 'Verify Docker image signatures' section added but over-claims all images are signed without scoping to GHCR or the v1.83.0-nightly+ version constraint |
| docs/my-website/blog/ci_cd_v2_improvements/index.md | New section correctly scopes cosign signing to GHCR images starting from v1.83.0-nightly with clear verification steps |
| docs/my-website/blog/security_townhall_updates/index.md | Updated transition sentence from 'begun working on it' to 'shipped it' and added correctly scoped cosign verification subsection |
| docs/my-website/blog/security_update_march_2026/index.md | New 'Verify Docker image signatures' section added with correct GHCR scoping and version constraint |
| ci_cd/security_scans.sh | File deleted — comprehensive Trivy + Grype scan runner removed without explanation in a docs PR |
| ci_cd/.grype.yaml | File deleted — Grype CVE ignore list with documented rationale removed without explanation |
| .trivyignore | File deleted — root Trivy CVE allowlist removed without explanation |
| ui/litellm-dashboard/.trivyignore | File deleted — UI-specific Trivy CVE allowlist removed without explanation |
| .github/workflows/run_llm_translation_tests.py | File mode change only (755→644), no content change |
Sequence Diagram
sequenceDiagram
actor User
participant GHCR as GHCR Registry
participant GitHub as GitHub Raw
participant Cosign as cosign CLI
User->>GHCR: Pull ghcr.io/berriai/litellm:<tag>
User->>GitHub: Fetch cosign.pub from raw.githubusercontent.com/<tag>/cosign.pub
User->>Cosign: cosign verify --key cosign.pub ghcr.io/berriai/litellm:<tag>
Cosign->>GHCR: Retrieve image manifest + signature
Cosign->>Cosign: Validate signature against public key
Cosign-->>User: Verification result (claims validated, signatures verified)
Reviews (5): Last reviewed commit: "[Docs] Add starting version callout to c..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| We believe that [Cosign](https://github.com/sigstore/cosign) is a good fit for this, and have already begun working on it [PR](https://github.com/BerriAI/litellm/pull/24683). | ||
|
|
||
| #### How to verify a Docker image with Cosign | ||
|
|
||
| All LiteLLM Docker images are now signed with [cosign](https://docs.sigstore.dev/cosign/overview/). To verify the integrity of an image before deploying: |
There was a problem hiding this comment.
The sentence immediately preceding the new subsection reads:
"We believe that Cosign is a good fit for this, and have already begun working on it [PR]."
But the very next subsection opens with:
"All LiteLLM Docker images are now signed with cosign."
A reader will see these two statements in the same paragraph/section and interpret them as contradictory — the older sentence implies signing is in progress/incomplete, while the new one states it is fully done. Consider updating the transition sentence to reflect the completed status, e.g.:
| We believe that [Cosign](https://github.com/sigstore/cosign) is a good fit for this, and have already begun working on it [PR](https://github.com/BerriAI/litellm/pull/24683). | |
| #### How to verify a Docker image with Cosign | |
| All LiteLLM Docker images are now signed with [cosign](https://docs.sigstore.dev/cosign/overview/). To verify the integrity of an image before deploying: | |
| We believe that [Cosign](https://github.com/sigstore/cosign) is a good fit for this, and have shipped it in [PR #24683](https://github.com/BerriAI/litellm/pull/24683). |
…page Add image signature verification steps to the main deployment doc so users pulling Docker images know how to verify them with cosign. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
|
||
| ## Verify Docker image signatures | ||
|
|
||
| All LiteLLM Docker images are signed with [cosign](https://docs.sigstore.dev/cosign/overview/). To verify the integrity of an image before deploying: |
There was a problem hiding this comment.
The phrasing here makes it look like this was always the case. We should be clear from which version this is implemented from. @yuneng-berri
|
|
||
| ## Verify Docker image signatures | ||
|
|
||
| All LiteLLM Docker images are signed with [cosign](https://docs.sigstore.dev/cosign/overview/). To verify the integrity of an image before deploying: |
There was a problem hiding this comment.
The phrasing here makes it look like this was always the case. We should be clear from which version this is implemented from. @yuneng-berri
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…sts (BerriAI#25122) * docs(blog): add cosign Docker image verification instructions Add steps for verifying Docker images with cosign to three security blog posts: CI/CD v2, Security Townhall, and Security Update. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs(proxy): add cosign verification to Docker/Helm/Terraform deploy page Add image signature verification steps to the main deployment doc so users pulling Docker images know how to verify them with cosign. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: fixes * Update index.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * [Docs] Scope cosign signing docs to GHCR and specify starting version Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * [Docs] Add starting version callout to ci_cd_v2 blog post Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Krrish Dholakia <krrish+github@berri.ai> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
4 participants
Summary
Problem
The cosign Docker image verification steps from the release GHA workflow are not documented in the security-related blog posts, so users don't know how to verify image signatures.
Fix
Added cosign verification instructions to three blog posts:
Type
📖 Documentation