Identifying and Avoiding Malicious Packages

Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.

We will dive into:

  • The types of attacks and types of payloads contained in these malicious packages
  • How these malicious packages can be identified and rejected
  • Best practices for a secure development workflow and the relevant OSS tools you can use
  • Conclusion / Q&A