dbt BigQuery Adapter
PyPIdbt-bigquerydbt-bigquery is the BigQuery adapter for dbt Core, translating dbt's SQL dialect to BigQuery SQL and managing authentication via Google service account credentials. It is required for any dbt project targeting BigQuery. Service accounts used with this adapter typically have BigQuery Data Editor or Data Owner roles.
Checking dbt BigQuery Adapter
dbt-bigquery 1.8.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=dbt-bigquery&version=1.8.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "dbt-bigquery",
"version": "1.8.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Cloud data warehouse adapters handle service account keys or OAuth tokens with broad data access. A compromised adapter package can extract these credentials and forward them to an external endpoint before the first dbt model runs.
Attestd monitors dbt-bigquery using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
pypi_yankVersions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.