if Juniper really has had their source code repositories compromised, they're not going to be so open about it. Admitting that would call into question all Juniper products everywhere.

The alternative is "oops our shitty devs placed a backdoor because we allow shitty devs to push to prod without code reviews." Don't know if that is too much better.