Webinar Description
Key Takeaways
- Explores the latest tactics used by attackers to disguise malicious open source packages
- Draws on Sonatype’s research into over 4,300 malicious packages
- Highlights real-world examples from React, ESLint, and Tailwind ecosystems
- Focuses on practical methods for evaluating and vetting dependencies
- Equips developers and engineering teams with actionable strategies to secure CI/CD pipelines
The webinar “Stop Malicious Packages Before They Hit Your Build” addresses a growing concern in the software development community: the infiltration of malicious open source packages into build pipelines. As attackers adopt increasingly sophisticated methods, the risks to organizations relying on open source components have never been higher. This session, hosted by Sonatype, brings together security researchers and product experts to share research-driven insights and practical guidance for defending against these evolving threats.
Understanding the Evolving Threat Landscape
Malicious package attacks have moved well beyond simple typosquatting. Attackers now publish packages that closely mimic legitimate plugins, SDKs, configuration files, and helper libraries, making them harder to detect. The session draws on Sonatype’s analysis of thousands of malicious packages, offering a window into the latest attacker tactics and the operational challenges they create for development teams.
Industry Context and Relevance
Open source software has become foundational across industries, from technology and financial services to manufacturing and healthcare. With this widespread adoption comes increased risk: a single compromised dependency can have far-reaching consequences. The event situates these risks within the broader context of application security and software supply chain management, emphasizing why vigilance is critical now.
Practical Skills for Developers and Security Teams
Rather than focusing on theory, the webinar delivers actionable strategies for identifying and mitigating malicious packages before they impact builds. Attendees learn to recognize risky naming patterns, spot suspicious dependencies, and implement checks that strengthen operational security in developer environments and CI/CD pipelines. Real-world examples from popular ecosystems such as React, ESLint, and Tailwind illustrate the practical implications of these threats.
Who Should Attend?
This session is designed for software developers, DevOps engineers, application security professionals, and engineering managers—particularly those working in organizations that rely on open source components. The content is especially relevant for teams in sectors with active software development operations, including technology, finance, manufacturing, and healthcare.
Workshop Format and Expert Insights
The event adopts a workshop-style, virtual format, featuring speakers from Sonatype’s product marketing and security research teams. The focus remains on practical, research-driven insights that attendees can immediately apply to their own development and security practices.
Why This Topic Matters Now
As software supply chain attacks become more frequent and sophisticated, organizations face mounting pressure to secure their development pipelines. This webinar responds to that urgency, offering timely guidance for reducing the risk of malicious code entering builds and reaching production environments. The emphasis on actionable, real-world strategies reflects the operational realities facing today’s development and security teams.